2 months ago
Hi
I'm struggling with a wildcard SSL and getting it re-validated.
The previously working SSL expired on 24/12/2025.
I've since deleted the custom domain and re-added it with corresponding DNS records in Cloudflare (unproxied).
But every time I do this - the process appears to be stuck at 'Certificate Authority Validating Challenges'
It's causing me real problems, as I have several sites sat under the wildcard.
2 Replies
2 months ago
Hey Mike, I know that the wildcard previously worked so going to ask for a few debug steps first before I send this to our network engineers.
Can you confirm that you have two CNAME records. The first points your wildcard domain (like *.yourdomain.com) to Railway, and the second is the _acme-challenge record (pointing to authorize.railwaydns.net), which Railway uses to validate and issue your SSL certificate.
The key thing to watch out for is that _acme-challenge record—it needs to be set to "DNS Only" in Cloudflare, not proxied. If it's proxied (showing the orange cloud), the certificate validation won't go through. Also make sure Universal SSL is enabled in Cloudflare if you're using wildcard subdomains.
Once both records are in place and the _acme-challenge is unproxied, the certificate usually issues within an hour, though Railway will keep trying for up to 72 hours if needed. (We also added a "try again" recently too.)
Can you verify that both CNAME records are showing in your Cloudflare dashboard and that the _acme-challenge record is set to DNS Only?
Status changed to Awaiting User Response Railway • 2 months ago
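The check requested in the reply above can be run from a terminal. This is an added example, not part of the original thread and not Railway's own tooling: it classifies `dig +short` answers for the `_acme-challenge` name against the target quoted in the reply. The function names and the `example.com` placeholder are assumptions.

```shell
#!/bin/sh
# EXPECTED_TARGET is the value quoted in the thread; function names and
# example.com are hypothetical.
EXPECTED_TARGET="authorize.railwaydns.net"

# Normalize a DNS name: lowercase, strip one trailing dot.
normalize_name() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# classify_acme_record CNAME_ANSWER A_ANSWER
# Arguments are the `dig +short` answers for the CNAME and A queries.
# Prints one of: ok, wrong-target, proxied, missing
classify_acme_record() {
    cname=$(normalize_name "$(printf '%s\n' "$1" | head -n 1)")
    if [ -n "$cname" ]; then
        if [ "$cname" = "$EXPECTED_TARGET" ]; then
            echo ok
        else
            echo wrong-target
        fi
    elif [ -n "$2" ]; then
        # No CNAME visible but addresses come back: most likely the record
        # is proxied (orange cloud), so resolvers see edge IPs instead of
        # the CNAME. A plain A record at this name looks the same.
        echo proxied
    else
        echo missing
    fi
}

# check_domain DOMAIN: live lookup (needs dig and network access).
# For *.example.com the challenge name is _acme-challenge.example.com.
check_domain() {
    name="_acme-challenge.$1"
    cname_answer=$(dig +short CNAME "$name")
    a_answer=$(dig +short A "$name")
    result=$(classify_acme_record "$cname_answer" "$a_answer")
    echo "$name: $result"
    [ "$result" = ok ]
}

# Run a live check only when a domain is given, e.g.: sh check.sh example.com
if [ "$#" -gt 0 ]; then
    check_domain "$1"
fi
```

Anything other than `ok` means the certificate authority cannot follow the challenge name to the expected target, which matches the stuck "Validating Challenges" state described in the question.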
2 months ago
Thanks Angelo - it looks like this has resolved itself overnight; the cert has been issued successfully - FYI, I made no changes to my existing setup in Cloudflare.
Status changed to Awaiting Railway Response Railway • 2 months ago
Status changed to Solved ray-chen • 2 months ago