Setting up a custom domain

Hi, everyone.

I have an issue where works but doesn’t. For context, I followed the How to Do Custom Domains With Fly tutorial and started by adding A and AAAA records as instructed:

A @ [v4 address]
AAAA @ [v6 address]

Was I right to use @ as the host here? Then, I created a certificate for my-app. Here’s what I did (with placeholder names):

➜  (main) flyctl certs create -a my-app
Your certificate for is being issued. Status is Awaiting certificates. Make sure to create another certificate for when the current certificate is issued.

Looks good and after a few minutes I could access but not Then, as was suggested, I created a certificate for by doing the following:

➜  (main) flyctl certs create -a my-app
You are creating a certificate for
We are using Let's Encrypt for this certificate.

You can configure your DNS for by:

1: Adding an CNAME record to your DNS service which reads:

    CNAME www.

So, I went to hover and added the new CNAME record. Up to now, I’ve added A and AAAA records as well as the CNAME mentioned above.

That tutorial goes on to suggest using flyctl certs show -a my-app to watch your certificates being issued but that command doesn’t work (error below) so I guess the API has changed since it was written. I look in my dashboard and see both certificates but the is showing as not verified. I did this on Saturday initially and figured I should wait at least a day for DNS propagation but now, on Monday, it’s still not working. Any thoughts?

Here’s the output from the flyctl certs show -a my-app command. I’ve tried running it with app name and then flags, as it suggests, but that doesn’t work.

➜  (main) flyctl certs show -a my-app
Error: accepts 1 arg(s), received 0
  flyctl certs show <hostname> [flags]

What does work, however, is flyctl certs show so maybe the documentation needs updating here as it’s a little confusing.

What am I missing here? It doesn’t seem like a DNS propagation issue.

Thanks in advance! :slight_smile:


I was in the Certificates section of my dashboard, looking at the certificate (the verified one) and noticed it showing the recommended A and AAAA records using @ as their host, just as I’d done. That’s one question cleared up, I guess.

In the certificate, however, despite it showing it as not being verified, it now suggested adding A and AAAA records (with the same v4 and v6 addresses) but this time with www as host. That is, for me to now have 2 x A and 2 x AAAA records. When adding these certificates on the command line, I didn’t tell me to do this; it just said to create that CNAME record.

Anyway, I added these and within a couple of minutes I could access as well as Great. The www certificate still shows as not verified in my dashboard but I guess that’ll change soon.

In general, it seems like that tutorial may need updating. In the end, is my setup correct? I have now added the following records:

A @ [v4 address]
AAAA @ [v6 address]

A www [v4 address]
AAAA www [v6 address]

CNAME www.

The docs and help text do need some love. It’s a few things down our priority list, but it’ll happen.

You only need A/AAAA records for the apex because CNAME records aren’t allowed there. For subdomains a CNAME works just fine.

Hi, @michael. Thanks for the reply.

At the time of writing this, the only way I was able to see was to add the second set of A/AAAA records for www, as shown in my last comment.

Based on what you’ve said, what would you change about my setup? It’s exactly as shown in the last comment, i.e. 2 x A/AAAA for @ and 2 x A/AAAA for www. This is working but if there’s a better setup, I’d like to know as I’m relatively new to this and would like to learn best practices here. Thank you!