6 days ago
My custom domain verifies fully (DNS + TXT + Let's Encrypt cert) but the edge has no route mapped to my deployment, so every request returns the fallback "Application not found". This
looks identical to a recent staff-resolved case (details at the bottom).
PROJECT / SERVICE
- Project: agentplatoon (ID 7a070d68-c79c-417d-aeb9-1193dd51050f)
- Environment: production
- Service: web (Next.js standalone, binds 0.0.0.0:3000, EXPOSE 3000)
- Custom domain: agentplatoon.com, target port 3000
- Railway-assigned target for the domain: 7zn2pw5s.up.railway.app
THE SERVICE IS HEALTHY — its auto-domain works:
- https://web-production-abf87.up.railway.app/ -> 200 (incl. /api/health -> 200)
THE CUSTOM DOMAIN + ITS ASSIGNED TARGET BOTH RETURN THE FALLBACK:
-
https://agentplatoon.com/ -> 502, x-railway-fallback: true
-
https://7zn2pw5s.up.railway.app/ -> 404, body:
{"status":"error","code":404,"message":"Application not found"}
on every path (/, /login, /api/health). A bound target never 404s.
TRACE PROVING IT'S A ROUTING-TABLE GAP, NOT NETWORK/TLS/EDGE HEALTH:
- Network path is fine — timings to the failing target: DNS 21ms, connect 30ms, TLS 71ms, TTFB 97ms. It answers instantly with "Application not found" — nothing is timing out.
- TLS/cert is correct — the failing domain serves its own valid cert (openssl -> CN=agentplatoon.com, Let's Encrypt). The cert subsystem provisioned the domain; only the route didn't.
- The edge is healthy — agentplatoon.com / 7zn2pw5s resolve to edge IP 69.46.46.36. Forcing the KNOWN-GOOD host web-production-abf87 to that same .36 edge (curl --resolve) returns 200.
So .36 has working routes — it just has no entry for my custom domain.
- Missing on every edge, not one stale node — forcing agentplatoon.com to the other edge 69.46.46.21 also returns x-railway-fallback 502. The route is absent cluster-wide
(control-plane), not stale on a single edge.
- Not DNS/Cloudflare — Cloudflare CNAME -> 7zn2pw5s.up.railway.app is DNS-only (grey), no "proxy detected" warning in the Railway UI, and curl --resolve
agentplatoon.com:443: (bypassing Cloudflare) still returns the fallback.
DNS IS ALREADY EXACTLY WHAT RAILWAY ASKS FOR (pre-empting the usual first reply):
The domain's "DNS records" panel in the dashboard requests:
- CNAME agentplatoon.com -> 7zn2pw5s.up.railway.app — present in Cloudflare
- TXT _railway-verify -> railway-verify=cf252d3f0bac630308fd267f5788945b3f85d992e57afa8a4df38422c7389bdf — present in Cloudflare, byte-for-byte identical
So the _railway-verify TXT is correct and matches; the verification-token fix does not apply here.
ALREADY TRIED (no effect): reissue cert; delete + re-add the domain several times (each rotates to a new target hostname: dllg2nev -> llclf7ge -> scombc9j -> 7zn2pw5s, each 404s
standalone); multiple redeploys of the web service after the domain was verified + DNS-only, waiting 15+ min for edge-cache convergence; explicitly set target port 3000.
IDENTICAL RECENT CASE (staff-resolved): the Central Station thread "Custom domains return 'Application not found' from edge despite VALID cert status" (project "Shlink Short Links") —
same 404 body, cert VALID, generated *.up.railway.app URL works, delete/re-add rotates the CNAME target but never binds the route. Same fingerprint as mine, landing in the same
69.46.46.x edge range.
ASK: please MANUALLY CLEAR the corrupted internal routing state and re-insert the edge route mapping agentplatoon.com -> the active web deployment in production. The host->deployment
entry was never written to the routing table, and all self-serve steps above have failed. Suspected project-scoped corrupted state needing manual intervention.
Request IDs (all x-railway-fallback: true, edge lhr1):
e2bgPj6bSBy-4elDs_GTAg, b2IGXfWIQKO8sVVDw9P4nw, 9_2TyVlTRQmb_Yfl21mRUA (x-hikari-trace: lhr1.ppx8)
Pinned Solution
5 days ago
I couldn't find any CNAME or TXT records on agentplatoon.com.
Also, I'd try setting the port to an arbitrary number (eg, 4100) and change the port mapped to the URL as well, and redeploy the service afterwards.
3 Replies
Status changed to Awaiting Railway Response Railway • 6 days ago
6 days ago
NOT A DUPLICATE-CLAIM CONFLICT: this domain has never been added to any other Railway account, workspace, or project — so global custom-domain uniqueness is not the blocker.
ISOLATION TEST — PROVES IT'S PROJECT/SERVICE-SCOPED, NOT ONE BAD APEX RECORD:
I added a fresh subdomain test.agentplatoon.com to the SAME web service (target z4rb0c8p.up.railway.app, port 3000), with a correct DNS-only CNAME and a matching _railway-verify.test
TXT (railway-verify=06464212d0df0757125d20feab31f963b4a338824d4096e529cbc2adca003568). The dashboard shows it verified ("Port 3000 · DNS records"), but ~13 min later the edge serves NO
cert at all for test.agentplatoon.com (TLS fails, curl returns 000; direct SNI to the target still shows only CN=*.up.railway.app) and no route. So a brand-new, never-used subdomain
reproduces the failure — the wedged state is project/service-scoped (project 7a070d68-..., service web), not specific to the apex hostname record.
ON THE PAID (HOBBY) PLAN; THIS IS BLOCKING A PRODUCTION LAUNCH. I've spent several hours on self-serve steps and need manual intervention.
ALREADY RULED OUT — PLEASE DON'T RE-SUGGEST THESE: DNS/TXT correct and matching (byte-for-byte); cert VALID (CN=agentplatoon.com); service healthy on its auto-domain
(web-production-abf87.up.railway.app -> 200); redeploy after verification (+15 min wait); explicit target port 3000; delete/re-add (STOPPED — 4 target rotations already: dllg2nev ->
llclf7ge -> scombc9j -> 7zn2pw5s, and I'm near the Let's Encrypt 5-duplicate-certs/week limit); and the fresh subdomain above reproduces the identical failure.
ASK: please manually clear the corrupted internal routing state for this project/service and re-insert the edge route mappings. The host->deployment entries were never written to the
routing table despite VALID cert status.
5 days ago
This thread has been opened as a bounty so the community can help solve it.
Status changed to Open Railway • 5 days ago
5 days ago
I couldn't find any CNAME or TXT records on agentplatoon.com.
Also, I'd try setting the port to an arbitrary number (eg, 4100) and change the port mapped to the URL as well, and redeploy the service afterwards.
5 days ago
RESOLVED — thanks, your port suggestion fixed it.
What worked: set PORT=4100 on the service, remapped both domains (the auto *.up.railway.app domain and agentplatoon.com) to target port 4100, redeployed — the route bound immediately.
All routes now return 200 on the custom domain with the correct cert, and Google OAuth round-trips fine.
For the record / root cause: the original route entry appears to have been corrupted — cert issuance and TXT verification succeeded throughout, but the edge had no host→deployment
mapping (the assigned *.up.railway.app target itself 404'd "Application not found", and a fresh test subdomain on the same service reproduced the identical failure). The port change
forced a routing-table rewrite, which sidestepped the bad entry. Redeploys alone and delete/re-add of the domain did NOT fix it — only the port change did.
Also for the record: the earlier "no CNAME found" observation was Cloudflare apex CNAME-flattening (Cloudflare serves apex CNAMEs as A records externally) — the records were correct
throughout.
Consider this closed on my side. It may be worth engineering looking at how a domain's route entry can end up in this state, since self-serve remedies couldn't clear it. Thanks again.