Hey, might be that the domain is not correctly attached at the edge layer, this CAN happen due repeated delete/re-add cycles which maybe left the domain in a partially detached state?

I am not sure, but it's for sure not a DNS issue and you are correct, it seems to be something only railway can fix internally as per your request

Update with additional diagnostics (Feb 22, 2026):

Confirmed today via curl that Railway is serving the *.up.railway.app wildcard cert instead of a cert for advancedpracticeready.com:

SSL error: subjectAltName does not match host name 'advancedpracticeready.com'

Cert served: subject CN=*.up.railway.app (issued Feb 20, 2026)

DNS is still correctly configured — both domains CNAME to 2r638loj.up.railway.app resolving to 151.101.2.15. The cert provisioner ran for the Railway subdomain but never ran for the custom domain.

Domain IDs for your reference:

- advancedpracticeready.com: e8797460-3012-4b67-9d07-32dbf6d3d585

- www.advancedpracticeready.com: 46ea8f67-c397-40a4-8de1-f3bb63e98e6b

Can Railway staff please manually trigger cert provisioning for these two domain IDs? This is a production site that has been down for several days.

Following up — it has now been 3 days with no response from Railway staff.

Current state as of today (Feb 24, 2026):

- DNS still correct: advancedpracticeready.com CNAME → 2r638loj.up.railway.app → 66.33.22.1

- Railway is still serving the *.up.railway.app wildcard cert for my custom domain

- curl -sI https://advancedpracticeready.com returns exit code 60 (SSL verification failure)

- The site has been effectively down on the custom domain for 3+ days

This is a production platform with paying users. I need Railway staff to manually trigger cert provisioning for these two domain IDs:

- advancedpracticeready.com: e8797460-3012-4b67-9d07-32dbf6d3d585

- www.advancedpracticeready.com: 46ea8f67-c397-40a4-8de1-f3bb63e98e6b

Please escalate this.

This isn't your problem to solve — it's a Railway infrastructure issue that requires staff intervention. The user (paulplogan) has done everything correctly on their end:

• DNS/CNAME is valid and verified

• The service works on the default .up.railway.app domain

• The issue is that Railway's cert provisioner never issued an SSL certificate for the custom domain, likely due to a broken internal state from repeated delete/re-add cycles

What you can do if you're facing a similar issue:

1. Open a support ticket directly — Railway Help Station discussions aren't guaranteed staff response. Use Railway's priority support channels if you're on a paid plan.

2. Try the Railway Discord — staff are sometimes more responsive there for urgent production issues.

3. As a temporary workaround, you could put Cloudflare in front of the domain with "Flexible" SSL mode, which would terminate SSL at Cloudflare's edge and connect to Railway over the wildcard cert. This is a band-aid, not a fix.

4. Railway GraphQL API — the user already tried customDomainUpdate mutations. There's no public API to force cert re-provisioning.
   
   Howard