12 days ago
Explanation Text:
Issue:
When adding a custom domain to a Railway service, the platform is generating random CNAMEs instead of using the standard cname.railway.app. This causes domain validation failures and inconsistent behavior.
CNAME Generation Issue:
Each time a custom domain is removed and re-added, a new random CNAME is generated:
First attempt: q5obwm2k.up.railway.app
Second attempt: zubpqe3a.up.railway.app
Third attempt: uuuofqzd.up.railway.app
Expected behavior: cname.railway.app should be generated consistently every time.
Observed Behavior:
DNS records are correctly configured and propagated
Domain works when CNAME points to cname.railway.app
SSL certificate validation fails intermittently: net::ERR_CERT_COMMON_NAME_INVALID
Dashboard shows "Incorrect DNS Setup" even though DNS configuration is correct
Each removal and re-addition of the domain generates a different random CNAME
Steps to Reproduce:
Go to Service Settings
Remove custom domain
Wait 5-10 minutes
Add custom domain again
Observe that a new random CNAME is generated instead of cname.railway.app
Impact:
Custom domains cannot be validated correctly due to inconsistent CNAME generation. This prevents proper SSL functionality and domain validation across multiple attempts.
Attachments
Pinned Solution
12 days ago
Hey! The random CNAME is actually correct. Railway now generates a unique proxy URL (like q5obwm2k.up.railway.app) for each domain instead of using the generic cname.railway.app.
Here is how to fix the validation and SSL errors:
- Update your DNS Target: Point your CNAME record to the new random string Railway gave you. Do not point it to cname.railway.app.
- Add the TXT Record: Check your Railway dashboard for a required TXT record. You must add this alongside the CNAME for Railway to validate ownership and issue the SSL certificate.
- Root Domains: If you are configuring a root domain (e.g., domain.com), use an ALIAS/ANAME record or route through Cloudflare, as standard CNAMEs do not work at the root.
Once both the CNAME (pointing to the random string) and TXT records propagate, the "Incorrect DNS Setup" and SSL errors will disappear.
2 Replies
Status changed to Open Railway • 12 days ago
12 days ago
Hey! The random CNAME is actually correct. Railway now generates a unique proxy URL (like q5obwm2k.up.railway.app) for each domain instead of using the generic cname.railway.app.
Here is how to fix the validation and SSL errors:
- Update your DNS Target: Point your CNAME record to the new random string Railway gave you. Do not point it to cname.railway.app.
- Add the TXT Record: Check your Railway dashboard for a required TXT record. You must add this alongside the CNAME for Railway to validate ownership and issue the SSL certificate.
- Root Domains: If you are configuring a root domain (e.g., domain.com), use an ALIAS/ANAME record or route through Cloudflare, as standard CNAMEs do not work at the root.
Once both the CNAME (pointing to the random string) and TXT records propagate, the "Incorrect DNS Setup" and SSL errors will disappear.
12 days ago
Thank you for the quick response! I appreciate the clarification.
I will now update my DNS configuration to point to the random CNAME (uuuofqzd.up.railway.app) instead of cname.railway.app and test the setup.
I should mention that Railway's embedded AI assistant initially advised against using the random CNAME, recommending cname.railway.app instead. This guidance led to the configuration issue I experienced. Now that I understand this is the new intended behavior, I'll proceed with the random CNAME approach.
Thanks again for the fast support!
Status changed to Solved 0x5b62656e5d • 12 days ago