SSL error when connecting to my site

I’m noticing that my fly.io site works with HTTP but not HTTPS. I feel like I must be doing something wrong somehow, but I haven’t changed anything and am kind of at a loss for how to proceed. I tried redeploying and switching my fly.toml from using [service] to [http_service] but it didn’t seem to help. A few things that do/don’t work:

curl http://messwithdns.net/ -I
HTTP/1.1 200 OK
...
$ curl https://mess-with-dns.fly.dev/ -I
HTTP/2 200
...
$ curl https://messwithdns.net/ -v
* Host messwithdns.net:443 was resolved.
* IPv6: (none)
* IPv4: 213.188.214.254
*   Trying 213.188.214.254:443...
* Connected to messwithdns.net (213.188.214.254) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to messwithdns.net:443
* Closing connection
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to messwithdns.net:443

what do you see at https://fly.io/apps/mess-with-dns/certificates ?

here’s what I see! Looks like the certificate expired on February 3 but it’s not clear why it wasn’t renewed

if I check the DNS records for messwithdns.net I don’t see AAAA (nor CNAME) records and it’s required.

Did you have it in the past and recently deleted it? Custom domains · Fly Docs

1 Like

thanks so much, looks like that’s what happened! I made some DNS changes back in November which I guess broke this.

I would also add a manual acme CNAME verification just to be sure. Mine domains auto renewed after I set that up.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.