Feature Friday: wildcard certificates, better hostname tools

Good news everyone, you can now add wildcard hostnames to Fly Edge Apps and get shiny wildcard certificates with minimal hassle.

Let's Encrypt requires DNS verification for wildcard certificates, so we've added that as an option for all hostnames. To pre-generate certificates:

  1. Add a hostname through our UI, API, or CLI
  2. Verify domain ownership with a DNS CNAME
  3. We generate certificates
  4. When you're ready, route traffic to your Fly app

This works with all Fly hostnames, not just wildcards. If you have a high-traffic site to point at a Fly app, you can use the DNS verification mechanism to generate certificates before routing traffic to Fly.

Search your custom hostnames

Fly apps tend to have a lot of hostnames. Like thousands (we haven't cracked a million on any one app yet, but we'd like someone to).

So we added search. 🎉

Better plumbing

Detecting DNS issues and issuing certificates is hard because there are a lot of edge cases. We handle some very strange hostname setups now:

  • Both a CNAME and A record for an identical name: this isn't actually valid but it happens anyway.
  • Proxies all the way down: some DNS providers "conveniently" proxy traffic by default.
  • Divergent AAAA and A records: we've caught a few domains with mismatched records for IPv6 and IPv4. This seems to happen when people forget they have an AAAA record, change the A record, and their old IPv6 address stops working.

The end result of finding + fixing this type of weirdness is a much more resilient certificate management process.
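
The three setups listed above can be told apart from the raw record sets stored at a hostname. The following is an added example, not Fly's own code: the `diagnose` function, its labels, and every sample name and address are constructed for illustration, and the addresses the hostname should resolve to are assumed to be known.

```python
from ipaddress import ip_address

def diagnose(records, app_v4, app_v6):
    """Return issue labels for one hostname.

    records: rrtype -> values stored at the name itself (as an authoritative
    server returns them, before any CNAME is followed).
    app_v4 / app_v6: addresses the hostname should resolve to (assumed known).
    """
    cname = records.get("CNAME", [])
    a = {ip_address(x) for x in records.get("A", [])}
    aaaa = {ip_address(x) for x in records.get("AAAA", [])}
    want4 = {ip_address(x) for x in app_v4}
    want6 = {ip_address(x) for x in app_v6}
    issues = []

    # A CNAME may not share its owner name with other record data.
    if cname and (a or aaaa):
        issues.append("cname-with-address-records")

    v4_ok = bool(a) and a <= want4
    v6_ok = bool(aaaa) and aaaa <= want6
    if a and aaaa and v4_ok != v6_ok:
        # One address family reaches the app, the other is stale.
        issues.append("divergent-a-aaaa")
    elif (a or aaaa) and not (v4_ok or v6_ok):
        # Nothing points at the app: wrong target, or a provider proxy in front.
        issues.append("not-pointed-at-app")
    return issues

# Constructed sample data using documentation address ranges.
APP_V4, APP_V6 = ["192.0.2.10"], ["2001:db8::10"]
SAMPLES = {
    "ok.example": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    "both.example": {"CNAME": ["target.example."], "A": ["192.0.2.10"]},
    "proxied.example": {"A": ["203.0.113.7"], "AAAA": ["2001:db8:ffff::7"]},
    "stale-v6.example": {"A": ["192.0.2.10"], "AAAA": ["2001:db8:dead::1"]},
}

def report():
    """Map each sample hostname to its list of issue labels."""
    return {name: diagnose(rr, APP_V4, APP_V6) for name, rr in SAMPLES.items()}

if __name__ == "__main__":
    for name, issues in report().items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

A hostname that reports `not-pointed-at-app` cannot be told apart from a provider proxy by addresses alone, which is why verifying ownership through a DNS record still works in that case.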
