Use a custom domain
When you create a Fly App, it is automatically given a fly.dev sub-domain, based on the app’s name. This is great for testing, but when you want to go to full production you’ll want your application to appear on your own domain and have HTTPS set up for you as it is with your .fly.dev domain. That’s where the fly certs command comes in. But let’s step back before we set up the TLS certificate, to the first step: directing traffic to your site.
Set a CNAME record
The simplest option for directing traffic to your site is to create a CNAME record for your custom domain that points at your .fly.dev host. For example, if you have a custom domain called example.com and an app called exemplum, then you can create a CNAME record for example.com‘s DNS that would look like:
CNAME @ exemplum.fly.dev
You’ll need to configure this with your DNS provider.
Now, accessing example.com will tell the DNS system to look up exemplum.fly.dev and return its results.
Set the A record
The other option is slightly more complicated because it uses the IP address of the app, rather than its DNS name. The upside is that it is slightly faster.
To start, you need the Fly IP address of your deployed application. To get that, use the fly ips list command.
You’ll need to configure the A record with your DNS provider. You need to add in an “A Record” for your domain that points to the IP address. Once this is done and propagated through the DNS system, you should be able to connect over unencrypted HTTP to using the domain name. Continuing the preceding example, that’s the domain name: http://example.com.
Get certified
You’ll need an SSL certificate for your domain if your app:
- should accept HTTPS connections, or
- uses a shared IPv4 anycast address. The Fly Proxy uses the cert to associate the custom domain name with your app for routing purposes.
Create a certificate for your custom domain with the fly certs add command. For example:
fly certs add example.com
Hostname = example.com
Configured = true
Issued =
Certificate Authority = lets_encrypt
DNS Provider = enom
DNS Validation Instructions =
DNS Validation Hostname =
DNS Validation Target = example.com.5xzw.flydns.net
Source = fly
Created At = 0001-01-01T00:00:00Z
Status =
Running fly certs add starts the process of getting a certificate.
Run fly certs show to get the details needed for your next step. For example:
fly certs show example.com
Hostname = example.com
Configured = true
Issued = ecdsa, rsa
Certificate Authority = lets_encrypt
DNS Provider = enom
DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.5xzw.flydns.net.
DNS Validation Hostname = _acme-challenge.example.com
DNS Validation Target = example.com.5xzw.flydns.net
Source = fly
Created At = 1m24s ago
Status = Ready
The DNS Validation Instructions are an optional next step. For a short time (minutes) after we start the process of generating the first-ever certificate for your site, trying to load that site with an HTTPS URL will generate errors. If you’d like to make sure those errors aren’t ever visible, you can use a DNS challenge to pre-generate the certificate.
To do that, you need to create a CNAME DNS record for a subdomain, _acme-challenge, of your domain (the DNS Validation host name)
and point it at the DNS Validation Target. The process will depend on your DNS provider. Once complete, and the updated DNS data has propagated, that domain will be queried and confirm you have control of it. Certificates will be generated and installed and you’ll be able to access your custom domain.
Related topics
For a more detailed example of configuring custom domains, see the Custom domains and SSL certificates guide.