2 months ago
I'm trying to add a custom domain api.sampark-setu.in to my family-directory service in the production environment, but the domain configuration keeps disappearing after deployment.
What I've done:
Added custom domain api.sampark-setu.in to service networking (port 8080)
Configured DNS records in GoDaddy:
CNAME: api → mo3nvyxi.up.railway.app ✓ (verified live)
TXT: _railway-verify.api → railway-verify=0122780092fb4eb66bb8a96dfa22001aed53db6ecf948970e823bc6a078f23e1 ✓ (verified live)
Deployed multiple times, but the custom domain keeps reverting to only Railway default domains
SSL certificate is not being issued
Project ID: 5a27a8d0-575e-40f3-a077-2c283f63535e
Environment: production
Service: family-directory
8 Replies
2 months ago
Your custom domain api.sampark-setu.in is currently active on your family-directory service, with DNS fully propagated, verification confirmed, and a valid SSL certificate issued. The domain is not missing from your configuration on our end.
2 months ago
This thread has been marked as private. Any further activity in this thread will only be visible to you and Railway employees.
Status changed to Awaiting User Response Railway • about 2 months ago
2 months ago
Custom domain api.sampark-setu.in still does not seem to be working with SSL Certificate. I cannot access https://api.sampark-setu.in/graphql, I still get "Your connection is not private" error. Also in the service configuration of family-directory service under the network section, i still cannot see the status that confirm the SSL certificate is issues and attached to my custom domain. I still see below:
Port 8080
·DNS records
I have been trying to resolve this issue since last 3 days. Can someone please take a closer look at this issue and resolve it?
Status changed to Awaiting Railway Response Railway • about 2 months ago
2 months ago
Your domain api.sampark-setu.in is working correctly with a valid SSL certificate (issued March 30, expires June 28).
I just tested it and the SSL handshake succeeds without errors. The "connection not private" error you're seeing is likely your browser caching the previous failed state.
To fix this:
- Clear your browser cache, or
- Open the URL in an incognito/private window, or
- Try a different browser
You can also verify the certificate is valid by running:
curl -v https://api.sampark-setu.in 2>&1 | grep "SSL certificate verify ok"Status changed to Awaiting User Response Railway • about 2 months ago
sam-a
Your domain `api.sampark-setu.in` is working correctly with a valid SSL certificate (issued March 30, expires June 28). I just tested it and the SSL handshake succeeds without errors. The "connection not private" error you're seeing is likely your browser caching the previous failed state. To fix this: 1. Clear your browser cache, or 2. Open the URL in an incognito/private window, or 3. Try a different browser You can also verify the certificate is valid by running: ```bash curl -v https://api.sampark-setu.in 2>&1 | grep "SSL certificate verify ok" ```
2 months ago
I executed the command and below is the output. I executed this on a different machine altogether to avoid any caching issue. I do not see any SSL related information in the output.
curl.exe : * Host api.sampark-setu.in:443 was resolved.
At line:1 char:1
+ curl.exe -v https://api.sampark-setu.in 2>&1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (* Host api.samp...3 was resolved.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
* IPv6: (none)
* IPv4: 151.101.2.15
* Trying 151.101.2.15:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* Established connection to api.sampark-setu.in (151.101.2.15 port 443) from 10.236.17.46 port 52355
* using HTTP/1.x
> GET / HTTP/1.1
> Host: api.sampark-setu.in
> User-Agent: curl/8.18.0
> Accept: /
>
* Request completely sent off
{"timestamp":"2026-04-01T10:11:50.168+00:00","status":404,"error":"Not Found","path":"/"}< HTTP/1.1 404
< Connection: keep-alive
< content-type: application/json
< date: Wed, 01 Apr 2026 10:11:50 GMT
< server: railway-edge
< vary: Origin
< vary: Access-Control-Request-Method
< vary: Access-Control-Request-Headers
< x-railway-edge: railway/asia-southeast1-eqsg3a
< x-railway-request-id: AaZyzgwOSF6rogPn0ubPiw
< x-railway-cdn-edge: fastly/cache-bom-vanm7210055-BOM
< x-cache: MISS
< x-cache-hits: 0
< x-served-by: cache-bom-vanm7210055-BOM
< transfer-encoding: chunked
<
* Connection #0 to host api.sampark-setu.in:443 left intact
Status changed to Awaiting Railway Response Railway • about 2 months ago
2 months ago
Your curl output actually confirms SSL is working correctly. The HTTPS connection to api.sampark-setu.in succeeded on port 443 and your application responded with a 404 JSON response (expected for the root path / since your endpoint is /graphql). If SSL were broken, curl would have shown a certificate error instead of returning your app's response. The absence of detailed certificate info in the output is normal for Windows curl using schannel. If your browser still shows "connection is not private," try clearing your browser cache or opening the URL in an incognito/private window.
Status changed to Awaiting User Response Railway • about 2 months ago
sam-a
Your curl output actually confirms SSL is working correctly. The HTTPS connection to api.sampark-setu.in succeeded on port 443 and your application responded with a 404 JSON response (expected for the root path `/` since your endpoint is `/graphql`). If SSL were broken, curl would have shown a certificate error instead of returning your app's response. The absence of detailed certificate info in the output is normal for Windows curl using schannel. If your browser still shows "connection is not private," try clearing your browser cache or opening the URL in an incognito/private window.
2 months ago
Still not working for me. The actual issue is that I am not able to call "https://api.sampark-setu.in/graphql" with the GraphQL Query. I am using the below mentioned curl command for validation and getting error related to certificate:
Curl Command:
curl.exe -v "https://api.sampark-setu.in/graphql" -H "Content-Type: application/json" -X POST --data ""query""query { membersByBirthDayToday { id firstName middleName lastName birthDate familyHead { id firstName middleName lastName } } }"}"
Error:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Host api.sampark-setu.in:443 was resolved.
* IPv6: (none)
* IPv4: 203.191.35.125
* Trying 203.191.35.125:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
* closing connection #0
curl: (60) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
Status changed to Awaiting Railway Response Railway • about 2 months ago
2 months ago
To validate the issue further, I added another custom domain "query.sampark-setu.in" but this also is stuck at the same stage where certificate is not issued. I have verified the CNAME and TXT records are propagated properly. I have checked this using https://dnschecker.org/
I also asked the Agent on the Railway platform and this is what the response it provided:
Fetched service config
I can confirm - query.sampark-setu.in is also not showing in the service configuration. Only the default Railway domain is there.
This confirms it's a platform-level issue with Railway, not a DNS configuration problem on your end. The custom domains are not persisting at all.
Regarding your TXT record question:
For the new domain query.sampark-setu.in, the TXT record should be:
- Type: TXT
- Name:
_railway-verify.query(NOT justquery) - Value: Whatever verification value Railway provides for this domain
The pattern is: _railway-verify.[subdomain]
So:
- For
api.sampark-setu.in→_railway-verify.api✓ (you have this correct) - For
query.sampark-setu.in→_railway-verify.query✓ (this is correct)
However, since the custom domain isn't even persisting in Railway's configuration, setting up the DNS records won't help right now.
This is definitely a Railway platform issue. I recommend:
- Contact Railway Support immediately with both domain examples (
api.sampark-setu.inandquery.sampark-setu.in) - Mention that custom domains are not persisting in the service configuration after deployment
- Reference that this is blocking SSL certificate issuance for both test domains
This needs to be escalated to Railway's engineering team. I apologize for the continued issues.
I am facing this issue since last week, can you please help me resolve this asap?
2 months ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open Railway • about 2 months ago
2 months ago
I would try accessing the URL from a different machine and/or clearing your local DNS cache and trying again.
I am able to successfully curl the URL without any certificate errors.
→ curl -I https://api.sampark-setu.in/graphql
HTTP/2 404
# Output truncated
→ curl -I https://query.sampark-setu.in
HTTP/2 404
# Output truncated