New Certificate Requirements

Recently, we discovered an issue with domain certifications. Previously, we only needed an A Record + CNAME Record. During recent domain purchases, we discovered the process has changed, and now a AAAA record is needed in addition to the A Record + CNAME Records, or a TXT Record needs to replace the CNAME.

When was this changed? I didn’t receive any type of notification about this.

Also, if a domain is stuck in an ‘issuing’ status, will it time out? Does it retry automatically, or do we need to manually choose ‘check again’?

Hi!

Requiring an AAAA record was actually introduced at least as far back as July 2025: Generating certificates behind CDNs

However, this was in turn superseded by an easier process where you add a single _fly-ownership record in February 2026:

Crucially though:

the AAAA setup still works, so if you had that set up (an IPv6 address added to your app, a single AAAA record added on Cloudflare, NO A records) it will continue to work. Note this is not in addition to: the AAAA record

The old setup you describe with A record and/or CNAME caused no end of trouble when behind Cloudflare so it’s not recommended anymore.

A domain in “issuing” will continue to retry but it’s likely the failure is due to a misconfiguration, so it’s not likely to succeed unless you fix the issue. Happy to look if you let us know what the domain is, or you can run fly certs setup to get the new records to add, and if you do so, it should issue by itself in a few minutes.

Regards,

Daniel