I used flyctl certs create "*.validate.run"
and I got this:
You are creating a wildcard certificate for *.validate.run
We are using lets_encrypt for this certificate.
You can validate your ownership of *.validate.run by:
1: Adding an AAAA record to your DNS service which reads:
AAAA @ 2a09:8280:1::3:484c
OR
1: Adding an CNAME record to your DNS service which reads:
CNAME _acme-challenge.validate.run => validate.run.9o0nx.flydns.net.
From what I understand, this means that the AAAA record is enough to validate ownership. I thought “well that’s probably some new thing, let’s just follow it”. Turns out it doesn’t work and I didn’t figure out what I need to do until I went to the GUI website and there the OR was gone. Suddenly the CNAME record is the only way to verify ownership (which makes sense)