@omen OK, I figured out how configure Fastly now...
Please configure it like below:
Enable TLS - Yes
Verify Certificate - Yes
Certificate hostname - In my case, it is wildcard. But since you use the 'manual' provider, the hostname is subdomain.example.com.
SNI hostname - this is subdomain.example.com.
With the above settings, fastly serves up pages fine on http.
c787fbfb-57bb-4793-a100-3da1015ba6a5-image.png
One thing to remember is, because you are using "manual" DNS provider, Cloudron requires "http" callbacks for Let's Encrypt to work. I am not sure how this works in fastly, does it allow you to have some URLs that are not "cached" ? I guess one way is to call the Cloudron app subdomain as "website.domain.com" but the domain in fastly should be something else like "realwebsite.domain.com" (meaning, name it different). This way, manual setting on Cloudron can continue to use HTTP reliably to get certificates.
If you want the domain names to be same, you have to use one of the automated DNS providers in Cloudron.