Custom domain api.c-exleam.com stuck in ISSUING - please force Let's Encrypt cert (rate-limited)
denysosorio
PROOP

9 days ago

Cuerpo:

Project: zooming-spirit (id: e80747c5-dcee-49b9-ba8a-6c234f0affe2)

Environment: production

Service: api (id: 13c325f1-b709-4ae3-b625-2ff4d2998f51)

Custom domain: api.c-exleam.com

PROBLEM

api.c-exleam.com has been stuck at certificateStatus =

CERTIFICATE_STATUS_TYPE_ISSUING for 3+ hours and the TLS cert never issues.

The domain returns HTTP 404 with header x-railway-fallback: true, while the

service itself is fully healthy.

EVERYTHING ON MY SIDE IS CORRECT:

  • Plan: Pro (upgraded + payment fixed today; the previous card was invalid,

    which is what triggered the original outage).

  • DNS: Cloudflare, DNS-only / NOT proxied (grey cloud):

    api.c-exleam.com CNAME -> 85vgazpa.up.railway.app

  • Railway domain status: requiredValue == currentValue, PROPAGATED.

  • No CAA record on c-exleam.com blocking Let's Encrypt.

  • Service is running: https://api-production-ffc7.up.railway.app/health -> 200 OK

ROOT CAUSE (my analysis)

For several weeks my card was invalid, so the account lost custom-domain

entitlement and Railway repeatedly failed to issue the cert. There was also a

window where the Cloudflare proxy was accidentally ON, which blocked the ACME

challenge and produced more failed validations. I believe api.c-exleam.com is

now Let's Encrypt rate-limited. The hourly failed-validation window has passed

several times with no auto-recovery.

ALREADY TRIED (did NOT resolve)

  • Upgraded to Pro + fixed payment.
  • Set DNS to grey cloud (DNS-only) and confirmed it propagated.
  • Multiple service redeploys.
  • Cert remains stuck in ISSUING the entire time.

REQUEST

Please force / re-trigger the Let's Encrypt certificate issuance for

api.c-exleam.com (or tell me if a 7-day duplicate-cert window must elapse).

A sibling domain on the same project (mcp.c-exleam.com) already recovered to

CERTIFICATE_STATUS_TYPE_VALID after the plan upgrade — only api is stuck, which

points to a rate-limit specific to this hostname rather than a config issue.

EVIDENCE (requests served by railway-hikari edge, region mia1)

  • api.c-exleam.com 404 fallback: x-railway-request-id 6vAkcM3bRQ2Vf8YGo3UVLg
  • api service domain 200 OK: x-railway-request-id 5DzSRuqYS8KcbvFiFFmdQQ
Solved$20 Bounty

Pinned Solution

Have you tried removing your domain and adding it again? This usually resolves the stuck state.

3 Replies

Railway
BOT

9 days ago

This thread has been opened as a public bounty so the community can help solve it. The thread and any further activity are now visible to everyone.

Status changed to Open Railway 9 days ago


denysosorio
PROOP

9 days ago

This can't be solved by the community — it needs Railway staff action.

The Let's Encrypt cert for api.c-exleam.com is stuck in ISSUING (3h+),

almost certainly rate-limited from repeated failed validations during a

prior billing/entitlement outage. Only Railway can force/re-trigger the

issuance or confirm the rate-limit window.

I'm on the Pro plan — please escalate this to PRIVATE Railway support

instead of a public bounty. Everything on my side is verified correct

(Pro, DNS grey-cloud + propagated, no CAA, service healthy); the sibling

domain mcp.c-exleam.com on the same project already issued its cert.


Have you tried removing your domain and adding it again? This usually resolves the stuck state.


denysosorio
PROOP

9 days ago

Resolved — removing + re-adding the custom domain worked once the Let's Encrypt rate-limit window had reset. Thanks.


Status changed to Solved 0x5b62656e5d 8 days ago


Welcome!

Sign in to your Railway account to join the conversation.

Loading...