I am getting the same error too. I use Cloudflare as well but this issue is new and we didn't change anything

Same here!

Project: 01485e2d-34be-40e1-9b0e-92134db9b54a
Service: 16ab0087-a6b1-4d12-8e70-287af744b86c

Angelo - Can you look it up from this so I don't have to expose the domain?

Project: 01485e2d-34be-40e1-9b0e-92134db9b54a
Service: 16ab0087-a6b1-4d12-8e70-287af744b86c

2nd P0 issue in a week.

Please keep up posted on a resolution.

Domain? We are working on excepting people affected to move 'em off of Fastly.

stacks.africa, dashboard.stacks.africa, africaawesome.com
Thank you!

Seeing the same issue on multiple projects & services. Behind cloudflare as well.

For the record, we set up the CDN as a broad shield against DDoS attacks to make it so that we would make it so that other workloads wouldn't bring down yours, seems like there is some cert disagreement between Cloudflare and Fastly.

this seems very widespread, it's impacting me as well on multiple sites

Domain? Raising to the network team.

Hey angelo, would you able to look at quack.food as well please? its been over an hour and users are panicking.

What is the cause of this? Did you do a big infrastructure change yesterday?

The Fastly SAN certs seems to miss domains etc. idd.

Plan is to move us off and then on again later?

Eta?

I have my entire website down. I use cloudflare for DNS with proxy mode on. Is there a solution for this issue yet?

Network workaround from the eng. team is mentioning that re-adding the domain should restore access. Can you folks attempt that?

One other question network eng. has is if these are root domains in CF?

This does not work. I tried adding an additional domain - same issue.

Noted, Network Eng. has fresh logs that they are looking at. Is it possible for you to disable CF if it's in the critical path?

Readding domain does not work, tried adding one more domain. How much time it can take? We are losing money :(

I gave the wrong project and service before, that project and service was running.

it's this not running:

Project: 3816cd49-1c8a-4c26-a2aa-7656f8c9b6da
Service: a9869caa-d423-41cb-9ed1-96efea0cd26f

I just tried readding the domain, does not work yet.

Heard, still working through it, if you can disable CF that would be the workaround. The irony is not lost on us after years of recommending CF name servers.

Hello, we’ve encountered this issue and our services are currently down. How can we fix it? Our customers are waiting and we can’t provide service — we’re losing money and reputation. What’s the solution?

bonfi.az

Re added the domain and turned off proxying on cloudflare, still seeing the same error

Okay, we got recovery in one with a mitigation, we're going to work down the list.

lamplit.cacelebratorygathering.ca

Try now

It has nothing to do with Claudflare, and everything to do with your Fastly SAN certs.

We can't disable Claudflare lol, we use zero auth for traffic filtering.

Maybe update your status: https://status.railway.com/

Awesome! Do you need any info about the project and service?

deleted

Re: back for Bloxgame

p

https://singwiththestars.com/ still an issue on my site as well thanks so much for your help.

Got not found for this one :|

can you check this please, its been over an hour

https://quack.food/

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

We seem to be back on that service, can you confirm?

Can you check *.teamfundraising.org please?

Back

We’re having the same issue as well on https://bonfi.az. What can we do to help you support us?

Triggered mitigation, will take a min to propagate.

thank you so much

p

Hi, catching up on this, tried removing/creating a custom domain, is the 404 issue for newly created domains separate from the CF issue? Also hosted on CF

api.piquetickets.com project id: 5e043e61-0757-4a02-bb7e-07d2b24b7ea2

https://www.bonfi.az/ is back

Domain please?

Status on this?

Project: 3816cd49-1c8a-4c26-a2aa-7656f8c9b6da
Service: a9869caa-d423-41cb-9ed1-96efea0cd26f

I tried removing and adding domain on railway and I am now getting SSL handshake failed Error code 525. Please help me how to resolve this issue

I having same issue as well
project id: a5759242-e792-4557-ac67-c246887aba6a

thank you for the quick response, much appreciated

@Angelo, could you please assist.

reelstorage.com

ya'll shold really roll it back and figure out a fix that doesn't involve manually dealing with every cloudflare domain, just sayin'

https://jumpquant.app please help

p

What does that mean? Should it be working now? I’m checking, but it’s still not working.

Might need to hard refresh, loading on my side.

Loading on my side, you may need to hard refresh

p

Has the issue been fixed for anyone? If you react to this message, we can tell who it’s working for and who is still experiencing the problem.

This is your site loading fine from USE.

Still happening for: https://api.bldr.chat

Back

Same Issue

project: e8e680d7-7b9c-4ced-8933-c7db32634ef2

service: e64f9d88-c3f6-4ad8-b7bf-32d7cd8bdebd

Mitigations applied

back up, gracias

Can we get our app fixed? https://mockwell.ai/

Thanks for your help @angelo-railway, best of luck to the folks on call getting through this tonight.

Mitigations applied

Can you please help me with Teamfundraising.org please. It's been over an hour and I am already getting emails from my customers

Mitigations applied

thank you!

webhooks.teamfundraising.org mitigations applied to this one

Can you take a look at https://api.bldr.chat please? I opened the conversation 🥹

Mitigatons applied

Every day it's something else...

thanks angelo, You're a GOAT

What about other subdomains? I changed the *.teamfundraising.org to new domain like you asked on Railway and now I am getting SSL handshake failed Error code 525

Having the same issues on https://api.kyubi.gg/, https://prod.kyubi.gg/ thanks!

If you aren't providing a domain, please refrain so others can get assistance. We gave everyone a CDN however, we can't test for every single combination of cert out there, apologies.

I’m currently in Azerbaijan and I’ve tested from here on several devices, but it’s still not working. Could the issue vary by country?

Same issue fac07f91-55dd-4092-8e85-4a0dc22042b3, fix please. Domain: https://pumpit.tech/

Mitigations applied

Mitigations applied

stacks.africa, dashboard.stacks.africa, africaawesome.com

Applied for bloxdrop

https://legacyfoundationresourceguide.org/ project id: ae6fc20f-9a50-4c38-a7e0-18904187a394

rapgpt.app

Try incognito?

It's loading on my end. Asking the network eng. to see if it's an issue with POP terminating traffic close to you.

Mitigations applied

not wotking

Here it is loading on my end btw, still asking the on-call for more info for you.

Having the same issue, project: 7762f0f0-4e65-4dfa-b811-481995f410da, domain: https://pets-care.app/. Thank you in advance.

mitigations applied

mitigations applied

mitigations applied

@angelo, I am getting SSL handshake failed Error code 525.

You ignored my main domain and resolved the webhooks subdomain. Can you please resolve *.teamfundraising.org?

Again, massive apologies on our side, it's been never ending. However, I think this is it. Namely, we had to apply a CDN in front of every one because DDoS targets on our machines would blow up proxies adjacent to your workload. After enabling this, we have fully mitigated all DDoS traffic.

However, cert creation and propagation is a bit... non standard so we're backfilling certs now for ones not reported.

It's moved, so the error is not Fastly.

cms.ptgis.id project id: 8c77d9d3-4622-48cb-bf3d-b09363b550f8

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection.

Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

Mitigations applied

mine are still borked, one is "Issuing TLS certificate"

Hi, same issue here: Invalid SSL certificate Error code 526

project: 34c8d31a-ad64-43f8-a20d-3f009f7bc34a
url: https://www.omchattyai.com/

alright its up now, thx

But I started seeing this error after reassigning the domain in railway like you asked. Do you have any solutions for this issue?

You will have to re-add, it would appear that the record you readded is malformed. (Given the error that I am seeing.)

not working.

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

help pls

bonfi.az

ekg.gg

project id: 968fbf0e-c851-4e88-a772-1ece2d77f4be

service id: 874ab1b1-f4d1-460a-8cc8-ea426df9ee70

Hi @angelo, It's now back to the original error after I readded the domain again
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.
This is for *.teamfundraising.org

Dig is showing that your domain isn't CNAMEed, can you check that?

Hi all, Same issues on all my apps
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.
i'm worry i saw that issue i solved but not for me

https://www.bonfi.az this working but https://bonfi.az this not working

domain please?

You are witnessing the slow slow slow march of DNS, I am sure in AZ it will take a bit.

Mitigations applied

Can you please apply whatever mitigations you are doing to *.teamfundraising.org? I am losing money and sleep over this issue

can you please check:

bolorindem.am

• Domaine : www.starshipdealers.com
  Project ID : f31a4eb5-0f32-444c-bdde-44f1a1d9b88e

Can you please fix: bolorindem.am, I am having the same issue

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

Same error here: turixe.com

Other projects seem to be working fine. This is a host error. 526.

Apparently you hardcoded the IP in the DNS record, this is why it's failing.

mitigations applied

Mitigations applied

Still not working

Please clear your cache.

Its always DNS

That's incorrect. I am not talking about teamfundraising.org which points to a different host. I am talking about *.teamfundraising.org which is a wildcard subdomain which points to vettfkit.authorize.railwaydns.net currently in my CF DNS record

Gotcha, fix applied to that too.

Not helpful because it now says SSL handshake failed Error code 525

Please make sure you have your TLS/SSL mode set to Full.

Yes, it is full

Do we need to give you the specific domains impacted for you to apply a fix? Seems a bit painful! Or... are you able to fix it for all without know all the impacted domains?

I'm also experiencing issues for my services for this project: 20bf859d-0d7f-4dac-b13c-40c2fde1c166

https://usemapstore.com/

http://app.usemapstore.com/

We have a backfill script running as we speak, but we are expediting recovery for anyone who just hands us domains.

The other issue is that we are finding a lot of A records (unsupported) and hardcoded IPs, or improper TLS so we are also working through that.

(Exception Bathai, we are looking into it)

Mitigations applied