a month ago
Domain: www.thetisconsulting.com Service CNAME target: 9u0ta6be.up.railway.app TXT _railway-verify passes (green check in UI) but CNAME validation keeps cycling between "validating" and "incorrect dns setup." Cloudflare DNS only (grey cloud), SSL mode Full. Previously pointed at Vercel (now deleted). Domain was deleted and re-added multiple times during troubleshooting -- possible Let's Encrypt rate limit?
2 Replies
a month ago
Your DNS is resolving www.thetisconsulting.com to the A record 151.101.2.15 (a Fastly/Vercel IP), which conflicts with the CNAME pointing to us. Remove the stale A record for www in your Cloudflare DNS so only the CNAME remains, then the certificate validation should complete. Given the multiple delete/re-add cycles, you may also have hit Let's Encrypt's rate limit of 5 duplicate certificates per week per domain, in which case you would need to wait up to 7 days after fixing the DNS before a certificate can be issued.
Status changed to Awaiting User Response Railway • about 1 month ago
Status changed to Awaiting Railway Response Railway • about 1 month ago
Railway
Your DNS is resolving `www.thetisconsulting.com` to the A record `151.101.2.15` (a Fastly/Vercel IP), which conflicts with the CNAME pointing to us. Remove the stale A record for `www` in your Cloudflare DNS so only the CNAME remains, then the certificate validation should complete. Given the multiple delete/re-add cycles, you may also have hit Let's Encrypt's [rate limit](https://letsencrypt.org/docs/rate-limits/) of 5 duplicate certificates per week per domain, in which case you would need to wait up to 7 days after fixing the DNS before a certificate can be issued.
a month ago
dig 9u0ta6be.up.railway.app resolves to 151.101.2.15, which is a Vercel/Fastly IP, not a Railway IP. The issue appears to be on Railway's side -- the endpoint itself is misconfigured.
Status changed to Open Railway • about 1 month ago