Custom domain SSL certificate stuck on "Waiting for DNS update" for 3+ days
stefanovnt
HOBBYOP

a month ago

Domain: facelesslab.video

Issue: I've added my Namecheap domain to Railway but the SSL certificate won't provision. Railway shows "Waiting for DNS update" with a warning icon on the TXT verification record for 4+ days.

What I've tried:

- Added CNAME record (@) pointing to r2af62sh.up.railway.app

- Added TXT record (_railway-verify.facelesslab) with verification string

- Disabled DNSSEC in Namecheap

- Removed and re-added the custom domain in Railway more times to see if that was solving the problem (may have triggered Let's Encrypt rate limits?)

- Waited 4+ days for DNS propagation

Current status:

- CNAME shows warning icon in Railway

- TXT record shows warning icon in Railway

- Browser shows: net::ERR_CERT_COMMON_NAME_INVALID

Anyone experienced this situation? What do you recommend to do?

Solved$10 Bounty

Pinned Solution

heimdall
HOBBYTop 10% Contributor

22 days ago

couple of things -
1. Cloudflare proxy is very likely breaking verification - If orange cloud is enabled, Railway’s verification checks may fail.

For validation, everything must be:

  • DNS only (grey cloud)

did you try Clean reset.

  1. In Railway:

    • Delete BOTH facelesslab.video and www.facelesslab.video

    • Wait 5–10 minutes

  2. In Cloudflare :

    • Remove all related CNAME and TXT records (& Namecheap also)

    • Make sure everything is grey cloud

  3. Add domain again in Railway:

    • Add facelesslab.video and www.facelesslab.video

  4. Let Railway generate the DNS instructions

  5. In Cloudflare, add it exactly as it is.

    Also did you ensure if you updated nameservers properly in namecheap?

if you have done all of this properly and still facing issue, can you share ss of the values generated by railway and where you are adding in cloudfare? would be faster to debug it.

5 Replies

0x5b62656e5d
FREETop 1% Contributor

a month ago

Have you tried using Cloudflare's DNS?

0x5b62656e5d

Have you tried using Cloudflare's DNS?

stefanovnt
HOBBYOP

a month ago

Hi! Thank you for you reply!

+1 week passed and the situation didn't change.

Nope, I didn't try using Cloudflare's DNS, I will try it and let you know!

stefanovnt
HOBBYOP

22 days ago

Hey! little update. I configured Cloudfare and waited for 3 days.

In Cloudfare:

  • Added CNAME @ record

  • Added CNAME www record

  • Enable Universal SSL

In Namecheap:

  • DNSSEC status is off

  • I added the custom name servers as specified from Cloudfare

In Railway

  • I see that the DNS record CNAME @ for facelesslab.video has green check

  • The TXT record has a warning icon

  • I see that the DNS record CNAME @ for www.facelesslab.video has a warning icon

  • The TXT record has a warning icon

When I try to connect now I see the attached screenshot with the Railway logo and text:

Not Found

The train has not arrived at the station.

Please check your network settings to confirm that your domain has provisioned.

If you are a visitor, please let the owner know you're stuck at the station.

I noticed that it appeared also the "Cloudfare One-click DNS Setup". I tried it but it didn't fix the issue (it added the TXT records in Cloudfare).

Am I missing something?

heimdall
HOBBYTop 10% Contributor

22 days ago

couple of things -
1. Cloudflare proxy is very likely breaking verification - If orange cloud is enabled, Railway’s verification checks may fail.

For validation, everything must be:

  • DNS only (grey cloud)

did you try Clean reset.

  1. In Railway:

    • Delete BOTH facelesslab.video and www.facelesslab.video

    • Wait 5–10 minutes

  2. In Cloudflare :

    • Remove all related CNAME and TXT records (& Namecheap also)

    • Make sure everything is grey cloud

  3. Add domain again in Railway:

    • Add facelesslab.video and www.facelesslab.video

  4. Let Railway generate the DNS instructions

  5. In Cloudflare, add it exactly as it is.

    Also did you ensure if you updated nameservers properly in namecheap?

if you have done all of this properly and still facing issue, can you share ss of the values generated by railway and where you are adding in cloudfare? would be faster to debug it.

heimdall

couple of things - 1. Cloudflare proxy is very likely breaking verification - If orange cloud is enabled, Railway’s verification checks may fail.For validation, everything must be:DNS only (grey cloud)did you try Clean reset.In Railway:Delete BOTH facelesslab.video and www.facelesslab.videoWait 5–10 minutesIn Cloudflare :Remove all related CNAME and TXT records (& Namecheap also)Make sure everything is grey cloudAdd domain again in Railway:Add facelesslab.video and www.facelesslab.videoLet Railway generate the DNS instructionsIn Cloudflare, add it exactly as it is.Also did you ensure if you updated nameservers properly in namecheap?if you have done all of this properly and still facing issue, can you share ss of the values generated by railway and where you are adding in cloudfare? would be faster to debug it.

stefanovnt
HOBBYOP

17 days ago

Thank you very much, that worked!

Steps I followed:

  • Set DNS only in Cloudfare

  • Remove all the related records in Cloudfare

  • Remove the domains in Railway

  • Remove all the records from Namecheap and the nameservers

  • Wait 15 minutes

  • Add again the domains in Railway

  • Add the nameservers in Namecheap

  • Add both CNAME and TXT records in Cloudfare (DNS only, grey cloud)

raised hands1

Status changed to Solved sam-a 17 days ago

Loading...