Hi team - certificate question for you - We are looking at putting our Fleet EC2 behind an Elastic Load Balancer in AWS, which will sit behind Cloudflare. Does the certificate for Fleet have to be on the EC2, or can it be on Cloudflare or the ELB? I'm referring to the certificate that clients would use to communicate with the Fleet server.

No problem there. As long as the clients see a valid cert they won't complain.

Cool, thank you! So how would that look from a fleet.config perspective? Would I still have the cert on the local box and point to that, or would I need to point to the Cloudflare or AWS cert?

You can have the ELB terminate TLS and turn off TLS in the Fleet config.

Ah nice. Thank you!

Not sure if you already are, but I'd recommend using the Terraform which will ease getting everything set up: https://fleetdm.com/announcements/fleet-terraform-module#how-to-use-the-module

Unfortunately I'm doing this manually at the moment, but Terraform is on the horizon for future deployments.