Your fly app cannot terminate *.fly.dev, only fly servers can.
In case where https with tls is offloaded to fly servers, your fly app would have to handle plaintext http/1.1 and h2c (http2 cleartext), depending on ALPNs set in fly.toml: Fly Proxy H/2 Details
In case where your fly app terminates tls, you’d could front your app with haproxy / nginx / caddy / your-own-code that can handle such a setup. To run multiple processes in a single fly app, ref this doc entry.
Here’s a golang fly app that I co-wrote that does both, offloads tls to fly servers on ports 1853 / 1443, and terminates tls on ports 443 and 853 (ref), and here’s a nodejs app doing it as two separate fly apps (1, 2) (one that terminates tls itself, the other that offloads it to fly servers).