Use a custom domain

When you create a Fly App, it is automatically given a sub-domain, based on the app’s name. This is great for testing, but when you want to go to full production you’ll want your application to appear on your own domain and have HTTPS set up for you as it is with your domain. That’s where the fly certs command comes in. But let’s step back before we set up the TLS certificate, to the first step: directing traffic to your site.

Set a CNAME record

The simplest option for directing traffic to your site is to create a CNAME record for your custom domain that points at your host. For example, if you have a custom domain called and an app called exemplum, then you can create a CNAME record for‘s DNS that would look like:


You’ll need to configure this with your DNS provider.

Now, accessing will tell the DNS system to look up and return its results.

Set the A record

The other option is slightly more complicated because it uses the IP address of the app, rather than its DNS name. The upside is that it is slightly faster.

To start, you need the Fly IP address of your deployed application. To get that, use the fly ips list command.

You’ll need to configure the A record with your DNS provider. You need to add in an “A Record” for your domain that points to the IP address. Once this is done and propagated through the DNS system, you should be able to connect over unencrypted HTTP to using the domain name. Continuing the preceding example, that’s the domain name:

Get certified

You’ll need an SSL certificate for your domain if your app:

  1. should accept HTTPS connections, or
  2. uses a shared IPv4 anycast address. The Fly Proxy uses the cert to associate the custom domain name with your app for routing purposes.

Create a certificate for your custom domain with the fly certs add command. For example:

fly certs add
  Hostname                    =
  Configured                  = true
  Issued                      =
  Certificate Authority       = lets_encrypt
  DNS Provider                = enom
  DNS Validation Instructions =
  DNS Validation Hostname     =
  DNS Validation Target       =
  Source                      = fly
  Created At                  = 0001-01-01T00:00:00Z
  Status                      =

Running fly certs add starts the process of getting a certificate.

Run fly certs show to get the details needed for your next step. For example:

fly certs show
  Hostname                    =
  Configured                  = true
  Issued                      = ecdsa, rsa
  Certificate Authority       = lets_encrypt
  DNS Provider                = enom
  DNS Validation Instructions = CNAME =>
  DNS Validation Hostname     =
  DNS Validation Target       =
  Source                      = fly
  Created At                  = 1m24s ago
  Status                      = Ready

The DNS Validation Instructions are an optional next step. For a short time (minutes) after we start the process of generating the first-ever certificate for your site, trying to load that site with an HTTPS URL will generate errors. If you’d like to make sure those errors aren’t ever visible, you can use a DNS challenge to pre-generate the certificate.

To do that, you need to create a CNAME DNS record for a subdomain, _acme-challenge, of your domain (the DNS Validation host name) and point it at the DNS Validation Target. The process will depend on your DNS provider. Once complete, and the updated DNS data has propagated, that domain will be queried and confirm you have control of it. Certificates will be generated and installed and you’ll be able to access your custom domain.

Supported top-level domains

We support the top-level domains on the IANA list. Note that we only periodically update top-level domain support and there might be a delay before we add support for new top-level domains.

For a more detailed example of configuring custom domains, see the Custom domains and SSL certificates guide.