Use a custom domain

When you create a Fly App, it is automatically given a fly.dev sub-domain, based on the app’s name. This is great for testing, but when you want to go to full production you’ll want your application to appear on your own domain and have HTTPS set up for you as it is with your .fly.dev domain. That’s where the fly certs command comes in. But let’s step back before we set up the TLS certificate, to the first step: directing traffic to your site.

Set a CNAME record

The simplest option for directing traffic to your site is to create a CNAME record for your custom domain that points at your .fly.dev host. For example, if you have a custom domain called example.com and an app called exemplum, then you can create a CNAME record for example.com‘s DNS that would look like:

CNAME @ exemplum.fly.dev

You’ll need to configure this with your DNS provider.

Now, accessing example.com will tell the DNS system to look up exemplum.fly.dev and return its results.

Set the A record

The other option is slightly more complicated because it uses the IP address of the app, rather than its DNS name. The upside is that it is slightly faster.

To start, you need the Fly IP address of your deployed application. To get that, use the fly ips list command.

You’ll need to configure the A record with your DNS provider. You need to add in an “A Record” for your domain that points to the IP address. Once this is done and propagated through the DNS system, you should be able to connect over unencrypted HTTP to using the domain name. Continuing the preceding example, that’s the domain name: http://example.com.

Get certified

To enable HTTPS on the domain, you need to get a certificate. Fly.io does that for you automatically.

It starts with creating a certificate for your custom domain with the fly certs add command. For example:

fly certs add example.com

  Hostname                    = example.com
  Configured                  = true
  Issued                      =
  Certificate Authority       = lets_encrypt
  DNS Provider                = enom
  DNS Validation Instructions =
  DNS Validation Hostname     =
  DNS Validation Target       = example.com.5xzw.flydns.net
  Source                      = fly
  Created At                  = 0001-01-01T00:00:00Z
  Status                      =

Running fly certs add starts the process of getting a certificate.

Run fly certs show to get the details needed for your next step. For example:

fly certs show example.com

  Hostname                    = example.com
  Configured                  = true
  Issued                      = ecdsa, rsa
  Certificate Authority       = lets_encrypt
  DNS Provider                = enom
  DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.5xzw.flydns.net.
  DNS Validation Hostname     = _acme-challenge.example.com
  DNS Validation Target       = example.com.5xzw.flydns.net
  Source                      = fly
  Created At                  = 1m24s ago
  Status                      = Ready

The DNS Validation Instructions are an optional next step. For a short time (minutes) after we start the process of generating the first-ever certificate for your site, trying to load that site with an HTTPS URL will generate errors. If you’d like to make sure those errors aren’t ever visible, you can use a DNS challenge to pre-generate the certificate.

To do that, you need to create a CNAME DNS record for a subdomain, _acme-challenge, of your domain (the DNS Validation host name) and point it at the DNS Validation Target. The process will depend on your DNS provider. Once complete, and the updated DNS data has propagated, that domain will be queried and confirm you have control of it. Certificates will be generated and installed and you’ll be able to access your custom domain.

Related topics

For a more detailed example of configuring custom domains, see the Custom domains and SSL certificates guide.

Edit this page on GitHub