**Description:** I'm trying to connect a custom domain to my Railway service but the SSL certificate isn't being provisioned. **Setup:** * Service deployed on Railway (Node.js app on port 3001) * Custom domain configured in service networking * DNS CNAME record pointing to Railway's default domain **Issue:** When accessing the custom domain over HTTPS, I get: `net::ERR_CERT_COMMON_NAME_INVALID` The Railway default domain works fine with HTTPS, and the custom domain works over HTTP. **What I've tried:** 1. Added custom domain to service networking config 2. Verified DNS CNAME record is correct 3. Redeployed service multiple times 4. Waited 15+ minutes for certificate provisioning 5. Tried both CNAME and A records **Current state:** * DNS resolves correctly to Railway's IP * Service is running and accessible * Certificate just won't provision for the custom domain * Project ID: c2389607-db1f-495c-8bd6-df134c68ec64 (if Railway staff needs to investigate) Any ideas on what might be causing this or what I'm missing?

Custom domain SSL certificate not provisioning - certificate mismatch error

jperdue21

FREEOP

a month ago

Description:

I'm trying to connect a custom domain to my Railway service but the SSL certificate isn't being provisioned.

Setup:

Service deployed on Railway (Node.js app on port 3001)
Custom domain configured in service networking
DNS CNAME record pointing to Railway's default domain

Issue: When accessing the custom domain over HTTPS, I get: net::ERR_CERT_COMMON_NAME_INVALID

The Railway default domain works fine with HTTPS, and the custom domain works over HTTP.

What I've tried:

Added custom domain to service networking config
Verified DNS CNAME record is correct
Redeployed service multiple times
Waited 15+ minutes for certificate provisioning
Tried both CNAME and A records

Current state:

DNS resolves correctly to Railway's IP
Service is running and accessible
Certificate just won't provision for the custom domain
Project ID: c2389607-db1f-495c-8bd6-df134c68ec64 (if Railway staff needs to investigate)

Any ideas on what might be causing this or what I'm missing?

$10 Bounty

5 Replies

Status changed to Awaiting Railway Response Railway • about 2 months ago

jperdue21

FREEOP

a month ago

Update:

Heres my Current Status

CNAME record: Verified (green checkmark)
TXT record: ⚠ Still showing yellow warning in Railway dashboard
DNS verification: Confirmed globally — dig TXT _railway-verify.iranwarcost.watson.brown.edu +short returns the exact full value Railway requires

Heres what I've tried

Hard refreshed the Railway dashboard multiple times
Clicked the lightning bolt icon to force recheck
No change in verification status

Can you run a verification recheck on Railway's end to trigger SSL certificate provisioning? Or how could I go about fixing this?

Status changed to Open Railway • about 1 month ago

0x5b62656e5d

MODERATOR

a month ago

I'd try removing all related records from Railway and your DNS provider, waiting for ~10-15 mins, then re-add the records.

0x5b62656e5d

I'd try removing all related records from Railway and your DNS provider, waiting for \~10-15 mins, then re-add the records.

jperdue21

FREEOP

a month ago

Hi, this did not work either

irazvan2745

FREE

a month ago

the txt exists, surely something railway side

jperdue21

FREEOP

a month ago

Certificate details from Chrome show that only the *.up.railway.app wildcard certificate is provisioned. The custom domain certificate iranwarcost.watson.brown.edu has not been issued yet.

Common Name (CN)

*.up.railway.app

Organization (O)

Organizational Unit (OU)

Common Name (CN)

Certainly Intermediate R1

Organization (O)

Certainly

Organizational Unit (OU)

Issued On

Tuesday, March 31, 2026 at 9:48:05 PM

Expires On

Thursday, April 30, 2026 at 9:48:04 PM

Certificate

f2fefae389f78861ae76b1f1e37b25e7c8f5a6394baa3d72d11c01a3e1f1bf18

Public Key

605a8f2233f7b312589c36e63906b50a57da188c3ecd096fe0fee04cf698b9c9

Welcome!