SSL for custom domains doesn't seem to be working consistently

Hi guys,

We are using the old way of doing the custom domains and now we seem to have to migrate to the new way of doing it (NGINX proxy).

But the problem is that the new way doesn’t work consistently (every ~third request fails or is taking a lot of time, Google can’t access the pages from custom domain and etc, while everything works when accessing the resource with a direct link without using custom domain routed via fly.io). Everything also works fine for the domains that are still not migrated and are using the old setup.

We implemented the new flow in the same way as the documentation describes it (SSL for Custom Domains · Fly) so we are kind of baffled at what is wrong and what is happening.

Is there something we are doing wrong? Or is there a way to get the logs so we can better understand?

Another question is, do we need to deploy Docker/NGINX app to all datacenters, as well as do we need to define autoscaling somewhere, or how is the uptime/high availability handled in this case?

Any help would be gratefully appreciated, thank you.

Hey there,

Newly added hostnames take us a few minutes (usually under 5) to generate their certificates. There are various checks in place and then there’s the issue of distributing the Let’s Encrypt challenge responses globally.

Can you explain in more detail? I’m trying to figure out what’s wrong exactly here. Can you provide us with an example hostname? (you can send it via private message and I’ll take a look at it as soon as I get it.)

Hey Jerome,

Thank you for answering.

Yes, issuing of the certificates is fine (all of them are done in max a few minutes as you mentioned).

Where we do have issues is the proxy part, after the domain is up and running. We will follow up with a private message with a few test examples.