Certificate error

5 months ago

Hi, I'm not sure if the issue was completely solved. I'm still having SSL errors:


Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

Project: 76befed3-8115-4ada-a38d-25458ed0565b

Service: bf080c6f-ead5-4ae4-ab60-740d16e09344

Solved

190 Replies

5 months ago

Ack, Looking into it right now!


bathai
PRO

5 months ago

I am getting the same error too. I use Cloudflare as well but this issue is new and we didn't change anything


scaletoinfinity
PRO

5 months ago

Same here!

Project: 01485e2d-34be-40e1-9b0e-92134db9b54a

Service: 16ab0087-a6b1-4d12-8e70-287af744b86c


jonas-admin
PRO

5 months ago

we have the same issue as well


Provide domain please?


jonas-admin
PRO

5 months ago

otelcol.prod.ap-southeast-1.rlwy.internal.psmnd.dev


jonas-admin
PRO

5 months ago

behind cloudflare zero trust


jonas-admin
PRO

5 months ago

it's not every domain though


Yep, seems like a Fastly <> CF issue


scaletoinfinity
PRO

5 months ago

Angelo - Can you look it up from this so I don't have to expose the domain?

Project: 01485e2d-34be-40e1-9b0e-92134db9b54a

Service: 16ab0087-a6b1-4d12-8e70-287af744b86c


Talking with both teams


jonas-admin
PRO

5 months ago

yeah we have an old domain pointed to our otelcol instance (made way before the cf one click update) and that one works


Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue.


Yea, ack, networking team working on it


davidbloxgame
PRO

5 months ago

I thought I got taken down 😂😂


You'd get an email


12unicorns
PRO

5 months ago

2nd P0 issue in a week. ☹

Please keep up posted on a resolution.


12unicorns

2nd P0 issue in a week. ☹ Please keep up posted on a resolution.

Domain? We are working on excepting people affected to move 'em off of Fastly.


angelo-railway

Domain? We are working on excepting people affected to move 'em off of Fastly.

12unicorns
PRO

5 months ago

stacks.africa, dashboard.stacks.africa, africaawesome.com

Thank you!


chrisswhitneyy
PRO

5 months ago

Seeing the same issue on multiple projects & services. Behind cloudflare as well.


For the record, we set up the CDN as a broad shield against DDoS attacks to make it so that we would make it so that other workloads wouldn't bring down yours, seems like there is some cert disagreement between Cloudflare and Fastly.


jerrett
PRO

5 months ago

this seems very widespread, it's impacting me as well on multiple sites


jerrett

this seems very widespread, it's impacting me as well on multiple sites

Domain? Raising to the network team.


keef
PRO

5 months ago

Hey angelo, would you able to look at quack.food as well please? its been over an hour and users are panicking.


scaletoinfinity
PRO

5 months ago

What is the cause of this? Did you do a big infrastructure change yesterday?

The Fastly SAN certs seems to miss domains etc. idd.

Plan is to move us off and then on again later?

Eta?


bathai
PRO

5 months ago

I have my entire website down. I use cloudflare for DNS with proxy mode on. Is there a solution for this issue yet?


Network workaround from the eng. team is mentioning that re-adding the domain should restore access. Can you folks attempt that?


5 months ago

Same thing, re-added the domain and cloudflare dns


One other question network eng. has is if these are root domains in CF?


5 months ago

Yes


5 months ago

Root and sub in CF and Railway


davidbloxgame
PRO

5 months ago

I tried readding already awhile ago. Also remove the proxy and allow dns to flow. Same error. And yes same as above


angelo-railway

Network workaround from the eng. team is mentioning that re-adding the domain should restore access. Can you folks attempt that?

12unicorns
PRO

5 months ago

This does not work. I tried adding an additional domain - same issue.


Noted, Network Eng. has fresh logs that they are looking at. Is it possible for you to disable CF if it's in the critical path?


shubhchauhan13
HOBBY

5 months ago

Readding domain does not work, tried adding one more domain. How much time it can take? We are losing money :(


scaletoinfinity
PRO

5 months ago

I gave the wrong project and service before, that project and service was running.

it's this not running:

Project: 3816cd49-1c8a-4c26-a2aa-7656f8c9b6da

Service: a9869caa-d423-41cb-9ed1-96efea0cd26f

I just tried readding the domain, does not work yet.


Heard, still working through it, if you can disable CF that would be the workaround. The irony is not lost on us after years of recommending CF name servers.


azbonfi
FREE

5 months ago

Hello, we’ve encountered this issue and our services are currently down. How can we fix it? Our customers are waiting and we can’t provide service — we’re losing money and reputation. What’s the solution?

bonfi.az


chrisswhitneyy
PRO

5 months ago

Re added the domain and turned off proxying on cloudflare, still seeing the same error


azbonfi
FREE

5 months ago

Can’t you roll back whatever you did yesterday?

Okay, we got recovery in one with a mitigation, we're going to work down the list.


angelo-railway

Domain? Raising to the network team.

jerrett
PRO

5 months ago


azbonfi

``` Can’t you roll back whatever you did yesterday? ```

Try now


scaletoinfinity
PRO

5 months ago

It has nothing to do with Claudflare, and everything to do with your Fastly SAN certs.

We can't disable Claudflare lol, we use zero auth for traffic filtering.

Maybe update your status: https://status.railway.com/


angelo-railway

Okay, we got recovery in one with a mitigation, we're going to work down the list.

chrisswhitneyy
PRO

5 months ago

Awesome! Do you need any info about the project and service?


davidbloxgame
PRO

5 months ago

Issue persists at bloxgame.com and bloxgame.us


hwhelchel
PRO

5 months ago

deleted


Re: back for Bloxgame


5 months ago

Still need help here guys

76befed3-8115-4ada-a38d-25458ed0565b

bf080c6f-ead5-4ae4-ab60-740d16e09344


shubhchauhan13
HOBBY

5 months ago

p


angelo-railway

Try now

hwhelchel
PRO

5 months ago

https://singwiththestars.com/ still an issue on my site as well thanks so much for your help.


jerrett

[lamplit.ca](http://lamplit.ca)[celebratorygathering.ca](http://celebratorygathering.ca)

Got not found for this one :|


keef
PRO

5 months ago

can you check this please, its been over an hour

https://quack.food/

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.


scaletoinfinity

I gave the wrong project and service before, that project and service was running. it's this not running: Project: 3816cd49-1c8a-4c26-a2aa-7656f8c9b6da Service: a9869caa-d423-41cb-9ed1-96efea0cd26f I just tried readding the domain, does not work yet.

We seem to be back on that service, can you confirm?


bathai
PRO

5 months ago

Can you check *.teamfundraising.org please?


hwhelchel

<https://singwiththestars.com/> still an issue on my site as well thanks so much for your help.

Back


davidbloxgame
PRO

5 months ago

Confirmed working. Also Bloxdrop is affected (same railway pro account)


azbonfi
FREE

5 months ago

We’re having the same issue as well on https://bonfi.az. What can we do to help you support us?


keef

can you check this please, its been over an hour <https://quack.food/> Requested host does not match any Subject Alternative Names (SANs) on TLS certificate \[766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76\] in use with this connection. Visit <https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors> for more information.

Triggered mitigation, will take a min to propagate.


angelo-railway

Back

hwhelchel
PRO

5 months ago

thank you so much


plinpod
PRO

5 months ago

Having this same issue as well


shubhchauhan13
HOBBY

5 months ago

p


markkdev
PRO

5 months ago

Hi, catching up on this, tried removing/creating a custom domain, is the 404 issue for newly created domains separate from the CF issue? Also hosted on CF


chrisswhitneyy
PRO

5 months ago

api.piquetickets.com project id: 5e043e61-0757-4a02-bb7e-07d2b24b7ea2



markkdev

Hi, catching up on this, tried removing/creating a custom domain, is the 404 issue for newly created domains separate from the CF issue? Also hosted on CF

Domain please?


scaletoinfinity
PRO

5 months ago

Status on this?

Project: 3816cd49-1c8a-4c26-a2aa-7656f8c9b6da

Service: a9869caa-d423-41cb-9ed1-96efea0cd26f


bathai
PRO

5 months ago

I tried removing and adding domain on railway and I am now getting SSL handshake failed Error code 525. Please help me how to resolve this issue


baoa111
HOBBY

5 months ago

I having same issue as well

project id: a5759242-e792-4557-ac67-c246887aba6a


angelo-railway

Triggered mitigation, will take a min to propagate.

keef
PRO

5 months ago

thank you for the quick response, much appreciated


5 months ago

Still down: api.bldr.chat and bldr.chat


12unicorns

stacks.africa, dashboard.stacks.africa, [africaawesome.com](http://africaawesome.com) Thank you!

12unicorns
PRO

5 months ago

@Angelo, could you please assist.


angelo-railway

Domain please?

markkdev
PRO

5 months ago

reelstorage.com


jerrett
PRO

5 months ago

ya'll shold really roll it back and figure out a fix that doesn't involve manually dealing with every cloudflare domain, just sayin' 🤷


vasinl124
PRO

5 months ago


shubhchauhan13
HOBBY

5 months ago

p


angelo-railway

<https://www.bonfi.az/> is back

azbonfi
FREE

5 months ago

What does that mean? Should it be working now? I’m checking, but it’s still not working.


azbonfi

We’re having the same issue as well on https://bonfi.az. What can we do to help you support us?

Might need to hard refresh, loading on my side.


shubhchauhan13

p

Loading on my side, you may need to hard refresh


shubhchauhan13
HOBBY

5 months ago

p


azbonfi
FREE

5 months ago

Has the issue been fixed for anyone? If you react to this message, we can tell who it’s working for and who is still experiencing the problem.


azbonfi

Has the issue been fixed for anyone? If you react to this message, we can tell who it’s working for and who is still experiencing the problem.

This is your site loading fine from USE.

Attachments


5 months ago

Still happening for: https://api.bldr.chat


vasinl124

[https://jumpquant.app](https://jumpquant.app/) please help

Back


plinpod
PRO

5 months ago

Same Issue

project: e8e680d7-7b9c-4ced-8933-c7db32634ef2

service: e64f9d88-c3f6-4ad8-b7bf-32d7cd8bdebd


baoa111

I having same issue as well project id: a5759242-e792-4557-ac67-c246887aba6a

Mitigations applied


chrisswhitneyy

[api.piquetickets.com](http://api.piquetickets.com) project id: 5e043e61-0757-4a02-bb7e-07d2b24b7ea2

chrisswhitneyy
PRO

5 months ago

back up, gracias


junkzen
HOBBY

5 months ago

Can we get our app fixed? https://mockwell.ai/


markkdev
PRO

5 months ago

Thanks for your help @angelo-railway, best of luck to the folks on call getting through this tonight.


plinpod

Same Issue project: e8e680d7-7b9c-4ced-8933-c7db32634ef2 service: e64f9d88-c3f6-4ad8-b7bf-32d7cd8bdebd

Mitigations applied


bathai
PRO

5 months ago

Can you please help me with Teamfundraising.org please. It's been over an hour and I am already getting emails from my customers


junkzen

Can we get our app fixed? <https://mockwell.ai/>

Mitigations applied


angelo-railway

Mitigations applied

plinpod
PRO

5 months ago

thank you!


bathai

Can you please help me with [Teamfundraising.org](http://Teamfundraising.org) please. It's been over an hour and I am already getting emails from my customers

webhooks.teamfundraising.org mitigations applied to this one


angelo-railway

Mitigations applied

5 months ago

Can you take a look at https://api.bldr.chat please? I opened the conversation 🥹


junkzen

Can we get our app fixed? <https://mockwell.ai/>

Mitigatons applied


devhowyalike
HOBBY

5 months ago

Every day it's something else...


shubhchauhan13
HOBBY

5 months ago

thanks angelo, You're a GOAT


bathai
PRO

5 months ago

What about other subdomains? I changed the *.teamfundraising.org to new domain like you asked on Railway and now I am getting SSL handshake failed Error code 525


kenny019
PRO

5 months ago

Having the same issues on https://api.kyubi.gg/, https://prod.kyubi.gg/ thanks!


devhowyalike

Every day it's something else...

If you aren't providing a domain, please refrain so others can get assistance. We gave everyone a CDN however, we can't test for every single combination of cert out there, apologies.


angelo-railway

This is your site loading fine from USE.![](https://station-server.railway.com/attachments/att_01khwx2bwmfztvw4rpe66qb07f)

azbonfi
FREE

5 months ago

I’m currently in Azerbaijan and I’ve tested from here on several devices, but it’s still not working. Could the issue vary by country?

Attachments


zemetsskiy
FREE

5 months ago

Same issue fac07f91-55dd-4092-8e85-4a0dc22042b3, fix please. Domain: https://pumpit.tech/


davidbloxgame
PRO

5 months ago

Bloxdrop.com


kenny019

Having the same issues on <https://api.kyubi.gg/>, <https://prod.kyubi.gg/> thanks!

Mitigations applied


zemetsskiy

Same issue fac07f91-55dd-4092-8e85-4a0dc22042b3, fix please. Domain: <https://pumpit.tech/>

Mitigations applied


12unicorns
PRO

5 months ago


Applied for bloxdrop


chrisswhitneyy
PRO

5 months ago

https://legacyfoundationresourceguide.org/ project id: ae6fc20f-9a50-4c38-a7e0-18904187a394


devhowyalike
HOBBY

5 months ago

rapgpt.app


azbonfi

![](https://station-server.railway.com/attachments/att_01khwx9tz3esks3wqvhm5nthe5)I’m currently in Azerbaijan and I’ve tested from here on several devices, but it’s still not working. Could the issue vary by country?

Try incognito?


12unicorns

[stacks.africa](http://stacks.africa), [dashboard.stacks.africa](http://dashboard.stacks.africa), africaawesome.com

It's loading on my end. Asking the network eng. to see if it's an issue with POP terminating traffic close to you.


devhowyalike

rapgpt.app

Mitigations applied


angelo-railway

Try incognito?

azbonfi
FREE

5 months ago

not wotking 😭

Attachments


12unicorns

[stacks.africa](http://stacks.africa), [dashboard.stacks.africa](http://dashboard.stacks.africa), africaawesome.com

Here it is loading on my end btw, still asking the on-call for more info for you.

Attachments


seweryn-skillfuldevelopers
HOBBY

5 months ago

Having the same issue, project: 7762f0f0-4e65-4dfa-b811-481995f410da, domain: https://pets-care.app/. Thank you in advance.


chrisswhitneyy

<https://legacyfoundationresourceguide.org/> project id: ae6fc20f-9a50-4c38-a7e0-18904187a394

mitigations applied


devhowyalike

rapgpt.app

mitigations applied


5 months ago

Thanks.


seweryn-skillfuldevelopers

Having the same issue, project: 7762f0f0-4e65-4dfa-b811-481995f410da, domain: <https://pets-care.app/>. Thank you in advance.

mitigations applied


bathai
PRO

5 months ago

@angelo, I am getting SSL handshake failed Error code 525.

You ignored my main domain and resolved the webhooks subdomain. Can you please resolve *.teamfundraising.org?

Attachments


Again, massive apologies on our side, it's been never ending. However, I think this is it. Namely, we had to apply a CDN in front of every one because DDoS targets on our machines would blow up proxies adjacent to your workload. After enabling this, we have fully mitigated all DDoS traffic.

However, cert creation and propagation is a bit... non standard so we're backfilling certs now for ones not reported.


bathai

@angelo, I am getting SSL handshake failed **Error code 525.** You ignored my main domain and resolved the webhooks subdomain. Can you please resolve \*.teamfundraising.org?

It's moved, so the error is not Fastly.


razrinn
PRO

5 months ago

cms.ptgis.id project id: 8c77d9d3-4622-48cb-bf3d-b09363b550f8

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection.

Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

razrinn

[cms.ptgis.id](http://cms.ptgis.id) project id: 8c77d9d3-4622-48cb-bf3d-b09363b550f8 ``` Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information. ```

Mitigations applied


jerrett
PRO

5 months ago

mine are still borked, one is "Issuing TLS certificate"


lonelywolf
HOBBY

5 months ago

Hi, same issue here: Invalid SSL certificate Error code 526

project: 34c8d31a-ad64-43f8-a20d-3f009f7bc34a

url: https://www.omchattyai.com/


angelo-railway

Mitigations applied

razrinn
PRO

5 months ago

alright its up now, thx


bathai
PRO

5 months ago

But I started seeing this error after reassigning the domain in railway like you asked. Do you have any solutions for this issue?


bathai

But I started seeing this error after reassigning the domain in railway like you asked. Do you have any solutions for this issue?

You will have to re-add, it would appear that the record you readded is malformed. (Given the error that I am seeing.)


azbonfi
FREE

5 months ago

not working.

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

help pls

bonfi.az


Anonymous
PRO

5 months ago

ekg.gg

project id: 968fbf0e-c851-4e88-a772-1ece2d77f4be

service id: 874ab1b1-f4d1-460a-8cc8-ea426df9ee70


bathai
PRO

5 months ago

Hi @angelo, It's now back to the original error after I readded the domain again

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

This is for *.teamfundraising.org


azbonfi

not working. Requested host does not match any Subject Alternative Names (SANs) on TLS certificate \[766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76\] in use with this connection. Visit <https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors> for more information. help pls bonfi.az

Dig is showing that your domain isn't CNAMEed, can you check that?


meranhor
PRO

5 months ago

Hi all, Same issues on all my apps

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

i'm worry i saw that issue i solved but not for me


angelo-railway

Dig is showing that your domain isn't CNAMEed, can you check that?

azbonfi
FREE

5 months ago

https://www.bonfi.az this working but https://bonfi.az this not working


meranhor

Hi all, Same issues on all my apps Requested host does not match any Subject Alternative Names (SANs) on TLS certificate \[766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76\] in use with this connection. Visit <https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors> for more information. i'm worry i saw that issue i solved but not for me

domain please?


azbonfi

[https://www.bonfi.az](https://www.bonfi.az/) this working but [https://bonfi.az](https://www.bonfi.az/) this not working

You are witnessing the slow slow slow march of DNS, I am sure in AZ it will take a bit.


[ekg.gg](http://ekg.gg) project id: 968fbf0e-c851-4e88-a772-1ece2d77f4be service id: 874ab1b1-f4d1-460a-8cc8-ea426df9ee70

Mitigations applied


bathai
PRO

5 months ago

Can you please apply whatever mitigations you are doing to *.teamfundraising.org? I am losing money and sleep over this issue


angelo-railway

Here it is loading on my end btw, still asking the on-call for more info for you.![](https://station-server.railway.com/attachments/att_01khwxgy9te038rxq55r557n92)

arkoc
HOBBY

5 months ago

can you please check:

bolorindem.am


meranhor
PRO

5 months ago

  • Domaine : www.starshipdealers.com Project ID : f31a4eb5-0f32-444c-bdde-44f1a1d9b88e

arkoc
HOBBY

5 months ago

Can you please fix: bolorindem.am, I am having the same issue

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.


javikeziah
PRO

5 months ago

Same error here: turixe.com


javikeziah
PRO

5 months ago

Other projects seem to be working fine. This is a host error. 526.


bathai

Can you please apply whatever mitigations you are doing to \*.teamfundraising.org? I am losing money and sleep over this issue

Apparently you hardcoded the IP in the DNS record, this is why it's failing.


javikeziah

Same error here: turixe.com

mitigations applied


arkoc

Can you please fix: bolorindem.am, I am having the same issue Requested host does not match any Subject Alternative Names (SANs) on TLS certificate \[766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76\] in use with this connection. Visit <https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors> for more information.

Mitigations applied


angelo-railway

mitigations applied

javikeziah
PRO

5 months ago

Still not working


javikeziah

Still not working

5 months ago

Please clear your cache.


javikeziah

Still not working

Its always DNS

Attachments


bathai
PRO

5 months ago

That's incorrect. I am not talking about teamfundraising.org which points to a different host. I am talking about *.teamfundraising.org which is a wildcard subdomain which points to vettfkit.authorize.railwaydns.net currently in my CF DNS record


bathai

That's incorrect. I am not talking about [teamfundraising.org](http://teamfundraising.org) which points to a different host. I am talking about \*.teamfundraising.org which is a wildcard subdomain which points to [vettfkit.authorize.railwaydns.net](http://vettfkit.authorize.railwaydns.net) currently in my CF DNS record

5 months ago

Gotcha, fix applied to that too.


bathai
PRO

5 months ago

Not helpful because it now says SSL handshake failed Error code 525


Status changed to Awaiting Railway Response brody 5 months ago


bathai

Not helpful because it now says SSL handshake failed **Error code 525**

5 months ago

Please make sure you have your TLS/SSL mode set to Full.


Status changed to Awaiting User Response Railway 5 months ago


bathai
PRO

5 months ago

Yes, it is full


Status changed to Awaiting Railway Response Railway 5 months ago


rjbathgate
PRO

5 months ago

Do we need to give you the specific domains impacted for you to apply a fix? Seems a bit painful! Or... are you able to fix it for all without know all the impacted domains?


djordje-st
HOBBY

5 months ago

I'm also experiencing issues for my services for this project: 20bf859d-0d7f-4dac-b13c-40c2fde1c166

https://usemapstore.com/

http://app.usemapstore.com/


rjbathgate

Do we need to give you the specific domains impacted for you to apply a fix? Seems a bit painful! Or... are you able to fix it for all without know all the impacted domains?

We have a backfill script running as we speak, but we are expediting recovery for anyone who just hands us domains.

The other issue is that we are finding a lot of A records (unsupported) and hardcoded IPs, or improper TLS so we are also working through that.

(Exception Bathai, we are looking into it)


djordje-st

I'm also experiencing issues for my services for this project: 20bf859d-0d7f-4dac-b13c-40c2fde1c166 <https://usemapstore.com/> <http://app.usemapstore.com/>

Mitigations applied


Status changed to Awaiting User Response Railway 5 months ago


angelo-railway

We have a backfill script running as we speak, but we are expediting recovery for anyone who just hands us domains. The other issue is that we are finding a lot of A records (unsupported) and hardcoded IPs, or improper TLS so we are also working through that. (Exception Bathai, we are looking into it)

rjbathgate
PRO

5 months ago

admin.wildthings.club (only that specific subdomain is impacted)

FYI if you try and access that domain it'll redirect you to www due to firewall rules but for me, it doesn't redirect and I land on the cert issue.


Status changed to Awaiting Railway Response Railway 5 months ago


rjbathgate

[admin.wildthings.club](http://admin.wildthings.club) (only that specific subdomain is impacted) FYI if you try and access that domain it'll redirect you to www due to firewall rules but for me, it doesn't redirect and I land on the cert issue.

5 months ago

Applied.


Status changed to Awaiting User Response Railway 5 months ago


gadatos
PRO

5 months ago

same issue Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.


Status changed to Awaiting Railway Response Railway 5 months ago


bjesus
PRO

5 months ago

Same issue on online.haprofessor.com , hundreds of users cannot login in and we're in the middle of a presentation. Tried deleting and readding the domain, didn't help.


bathai
PRO

5 months ago

Brody and Angelo, any resolution found yet? I turned off the proxy in CF and now I am getting SSL handshake failed error page.


gadatos
PRO

5 months ago

same issue on 0a9a0b99-8eec-40b5-ad3a-2892392373e0


meranhor
PRO

5 months ago

Domaine : https://staging.starshipdealers.com/

f31a4eb5-0f32-444c-bdde-44f1a1d9b88e

This subdomain have the same issue but you already corrected the main domain , normal ?


brody

Applied.

rjbathgate
PRO

5 months ago

Fixed, thanks


bathai

Brody and Angelo, any resolution found yet? I turned off the proxy in CF and now I am getting SSL handshake failed error page.

5 months ago

Both domains are working for us.


Status changed to Awaiting User Response Railway 5 months ago


exilent-vij
PRO

5 months ago

Same issue on wonderboo.fun

a92be7db-43ea-4571-afca-a96a7394891e


Status changed to Awaiting Railway Response Railway 5 months ago


parsilver
PRO

5 months ago

onebnj.com

1bnjwin.com

1bnjgame.com

ambfatthai.com

ambfatth.com

Project: d346d18a-c3cc-4bb2-84fb-4a25cad62fbf


bjesus

Same issue on [online.haprofessor.com](http://online.haprofessor.com) , hundreds of users cannot login in and we're in the middle of a presentation. Tried deleting and readding the domain, didn't help.

Mitigations applied


Status changed to Awaiting User Response Railway 5 months ago


lstanev00
HOBBY

5 months ago

www.pvpscalpel.com

pvpscalpel.com ( general )

api.pvpscalpel.com

Error:

=> 421 Misdirected Request

=> Requested host does not match any Subject Alternative Names (SANs) on TLS certificate

Impact:

=> Main website down

=> API unreachable

=> Desktop client failing to connect

Setup:

=> Custom domain behind Cloudflare

=> DNS resolving correctly

=> curl confirms Cloudflare IPs

=> Response headers show: x-served-by: cache-sof...

This appears to be a Metal Edge / certificate binding issue rather than a DNS misconfiguration.


Status changed to Awaiting Railway Response Railway 5 months ago


lstanev00

[www.pvpscalpel.com](http://www.pvpscalpel.com) [pvpscalpel.com](http://pvpscalpel.com) ( general ) [api.pvpscalpel.com](http://api.pvpscalpel.com) Error: \=> 421 Misdirected Request \=> Requested host does not match any Subject Alternative Names (SANs) on TLS certificate Impact: \=> Main website down \=> API unreachable \=> Desktop client failing to connect Setup: \=> Custom domain behind Cloudflare \=> DNS resolving correctly \=> curl confirms Cloudflare IPs \=> Response headers show: x-served-by: cache-sof... This appears to be a Metal Edge / certificate binding issue rather than a DNS misconfiguration.

lstanev00
HOBBY

5 months ago

fixed*


Update from the network engineering team, the script is running we should see widespread restoration.


Status changed to Awaiting User Response Railway 5 months ago


rjbathgate
PRO

5 months ago

Three more domains if you can please work your magic...

admin.theloft.legal

stockman.bst.co.nz

Interestingly, it's only 'cusotm' subdomains that are impacted for us - admin. breaks but www. doesn't on a number of domains.

(note these domains won't be accessible for you either due to Firewall)


Status changed to Awaiting Railway Response Railway 5 months ago


brody

Both domains are working for us.

bathai
PRO

5 months ago

I am trying to reach https://fundchamps.teamfundraising.org/ and it uses the underlying wildcard subdomain, i.e. *.teamfundraising.org and it isn't working. Still says SSL handshake failed Error code 525.

On railway, as I turned off the proxy, it now says Validating domain ownership. Any idea on how long this takes? Should I change something


bathai
PRO

5 months ago

It's finally working now. I turned off the proxy in Railway as per the documentation here: https://docs.railway.com/networking/troubleshooting/ssl#error-525-ssl-handshake-failed


rjbathgate

Three more domains if you can please work your magic... [admin.theloft.legal](https://admin.theloft.legal/) [stockman.bst.co.nz](http://stockman.bst.co.nz) Interestingly, it's only 'cusotm' subdomains that are impacted for us - admin. breaks but www. doesn't on a number of domains. (note these domains won't be accessible for you either due to Firewall)

Mitigations applied


Status changed to Awaiting User Response Railway 5 months ago


lstanev00

[www.pvpscalpel.com](http://www.pvpscalpel.com) [pvpscalpel.com](http://pvpscalpel.com) ( general ) [api.pvpscalpel.com](http://api.pvpscalpel.com) Error: \=> 421 Misdirected Request \=> Requested host does not match any Subject Alternative Names (SANs) on TLS certificate Impact: \=> Main website down \=> API unreachable \=> Desktop client failing to connect Setup: \=> Custom domain behind Cloudflare \=> DNS resolving correctly \=> curl confirms Cloudflare IPs \=> Response headers show: x-served-by: cache-sof... This appears to be a Metal Edge / certificate binding issue rather than a DNS misconfiguration.

Mitigations applied


parsilver

[onebnj.com](http://onebnj.com) [1bnjwin.com](http://1bnjwin.com) [1bnjgame.com](http://1bnjgame.com) [ambfatthai.com](https://ambfatthai.com/) [ambfatth.com](https://ambfatth.com/) Project: d346d18a-c3cc-4bb2-84fb-4a25cad62fbf

Mitigations applied


exilent-vij

Same issue on [wonderboo.fun](http://wonderboo.fun) a92be7db-43ea-4571-afca-a96a7394891e

Mitgations applied


abeshunyah
HOBBY

5 months ago

i solved this by:

1. go to cloudflare domain (or other)

2. find DNS records which are using IP address as target value on A record

  1. remove them

and resolved.


Status changed to Awaiting Railway Response Railway 5 months ago


abeshunyah

i solved this by: 1\. go to cloudflare domain (or other) 2\. find DNS records which are using IP address as target value on A record 1. remove them and resolved.

Yes, and for the record, this was never a supported configuration.


Status changed to Awaiting User Response Railway 5 months ago


Network engineer is reporting that we fully backfilled. However, we are going to keep the incident up until we have confirmed that all domains that should get the SSL ACME challenge indeed got it.

The other thing here is as a result of this change, we have tightened how we have issued certs so we are going to work with those with misconfigured domains, expect an email from us.


therobotcarlson
PRO

5 months ago

What's the best way to tell if this is affecting our service? I am having weird issues from https -> http redirects and I can't tell if it's this or something else that's messed up.


domain?


therobotcarlson
PRO

5 months ago

login-api.truer.health


therobotcarlson
PRO

5 months ago


yes, its that issue


Status changed to Solved brody 5 months ago


Welcome!

Sign in to your Railway account to join the conversation.

Loading...