Understanding subdomains - how do I get past "Awaiting configuration"?

I have my website hosted on substack. So if you go to my_website.com you just see a substack blog at www.my_website.com. The domain and the DNS settings are managed on Cloudflare.

I have an elixir app that I want to deploy on a subdomain: elixir_app.my_website.com. Currently this elixir app is successfully running on a fly domain like awesome-breeze-3254.fly.dev

I have set a CNAME record in my Cloudflare account that points elixir_app to awesome-breeze-3254.fly.dev

I have run “flyctl certs create elixir_app.my_website.com” to generate a certificate. When I run “flyctl certs list” it tells me that the certificate is “Awaiting Confirmation”.

What further steps do I have to take to get my app running on my subdomain?

Ok, so I found this post: Can't create cert for domain + subdomain - #2 by kurt

I got it working once I turned off the proxy in Cloudflare. I have no idea what that changes, but at least it works now.

I’ve had fun with Cloudflare too.

Enabling their proxy hides the Fly domain. Which is good at preventing attacks etc. Less good when the certificate validation tries to confirm your domain ownership, as you found.

You are right in that with it disabled, the certificate is then issued and all will work. But if you plan on re-enabling their proxy (aka “orange cloud”) such as if your site was attacked, certificate renewal will fail in the future. Inevitably at 2am. And so your visitors will get SSL errors.

To solve that, you need to add a separate DNS record. An “_acme-challenge”. But if you are happy with the proxy staying turned off permanently you don’t need to and it will be fine as it is. Just a heads-up.