9 days ago
Cuerpo:
Project: zooming-spirit (id: e80747c5-dcee-49b9-ba8a-6c234f0affe2)
Environment: production
Service: api (id: 13c325f1-b709-4ae3-b625-2ff4d2998f51)
Custom domain: api.c-exleam.com
PROBLEM
api.c-exleam.com has been stuck at certificateStatus =
CERTIFICATE_STATUS_TYPE_ISSUING for 3+ hours and the TLS cert never issues.
The domain returns HTTP 404 with header x-railway-fallback: true, while the
service itself is fully healthy.
EVERYTHING ON MY SIDE IS CORRECT:
-
Plan: Pro (upgraded + payment fixed today; the previous card was invalid,
which is what triggered the original outage).
-
DNS: Cloudflare, DNS-only / NOT proxied (grey cloud):
api.c-exleam.com CNAME -> 85vgazpa.up.railway.app
-
Railway domain status: requiredValue == currentValue, PROPAGATED.
-
No CAA record on c-exleam.com blocking Let's Encrypt.
-
Service is running: https://api-production-ffc7.up.railway.app/health -> 200 OK
ROOT CAUSE (my analysis)
For several weeks my card was invalid, so the account lost custom-domain
entitlement and Railway repeatedly failed to issue the cert. There was also a
window where the Cloudflare proxy was accidentally ON, which blocked the ACME
challenge and produced more failed validations. I believe api.c-exleam.com is
now Let's Encrypt rate-limited. The hourly failed-validation window has passed
several times with no auto-recovery.
ALREADY TRIED (did NOT resolve)
- Upgraded to Pro + fixed payment.
- Set DNS to grey cloud (DNS-only) and confirmed it propagated.
- Multiple service redeploys.
- Cert remains stuck in ISSUING the entire time.
REQUEST
Please force / re-trigger the Let's Encrypt certificate issuance for
api.c-exleam.com (or tell me if a 7-day duplicate-cert window must elapse).
A sibling domain on the same project (mcp.c-exleam.com) already recovered to
CERTIFICATE_STATUS_TYPE_VALID after the plan upgrade — only api is stuck, which
points to a rate-limit specific to this hostname rather than a config issue.
EVIDENCE (requests served by railway-hikari edge, region mia1)
- api.c-exleam.com 404 fallback: x-railway-request-id 6vAkcM3bRQ2Vf8YGo3UVLg
- api service domain 200 OK: x-railway-request-id 5DzSRuqYS8KcbvFiFFmdQQ
Pinned Solution
9 days ago
Have you tried removing your domain and adding it again? This usually resolves the stuck state.
3 Replies
9 days ago
This thread has been opened as a public bounty so the community can help solve it. The thread and any further activity are now visible to everyone.
Status changed to Open Railway • 9 days ago
9 days ago
This can't be solved by the community — it needs Railway staff action.
The Let's Encrypt cert for api.c-exleam.com is stuck in ISSUING (3h+),
almost certainly rate-limited from repeated failed validations during a
prior billing/entitlement outage. Only Railway can force/re-trigger the
issuance or confirm the rate-limit window.
I'm on the Pro plan — please escalate this to PRIVATE Railway support
instead of a public bounty. Everything on my side is verified correct
(Pro, DNS grey-cloud + propagated, no CAA, service healthy); the sibling
domain mcp.c-exleam.com on the same project already issued its cert.
9 days ago
Have you tried removing your domain and adding it again? This usually resolves the stuck state.
9 days ago
Resolved — removing + re-adding the custom domain worked once the Let's Encrypt rate-limit window had reset. Thanks.
Status changed to Solved 0x5b62656e5d • 8 days ago