2 months ago
Hi everyone, I have set up a custom domain on Railway Hobby plan but SSL certificate is not being issued. Current status: CNAME: app → ikevd4um.up.railway.app (verified on dnschecker.org) ⚠ TXT: _railway-verify.app → verified worldwide on dnschecker.org but Railway still shows warning Steps already tried: - Deleted and re-added custom domain - Clicked lightning bolt multiple times - Waited 24+ hours - DNS managed by Bluehost Has anyone faced this issue? How did you resolve it?
Thank you!
Pinned Solution
2 months ago
Railway should automatically detect the changes and issue the certificate within a few minutes, but it may take up to a few hours (rare but happens). If it doesn’t by then, try removing the domain from Railway, wait for ~10-15 mins, then re-add it again. Update DNS records as necessary.
21 Replies
Status changed to Open Railway • 2 months ago
2 months ago
(The lightning bolt is for CDN caching)
Are you able to access the site from your browser?
2 months ago
I had the issue of TXT record showing a warning sign next to it. I solved it by disabling proxied and making it DNS only in cloudflare. Check your DNS records in Bluehost, and see if it has the proxied option.
darseen
I had the issue of TXT record showing a warning sign next to it. I solved it by disabling **proxied** and making it **DNS only** in cloudflare. Check your DNS records in Bluehost, and see if it has the proxied option.
2 months ago
You can't proxy TXT records in Cloudflare...
0x5b62656e5d
You can't proxy TXT records in Cloudflare...
2 months ago
I didn't say that! I was referring to the custom domain setup when I said "it". But it could be misunderstood, I guess.
0x5b62656e5d
(The lightning bolt is for CDN caching) Are you able to access the site from your browser?
2 months ago
Great — someone responded!
Answer them:
Yes, the site is accessible via the Railway URL
(web-production-fbca5.up.railway.app) but not via
the custom domain. Getting SSL error when accessing
the custom domain.
darseen
I had the issue of TXT record showing a warning sign next to it. I solved it by disabling **proxied** and making it **DNS only** in cloudflare. Check your DNS records in Bluehost, and see if it has the proxied option.
2 months ago
Checked Bluehost DNS records — there is no proxy
option available. DNS is managed directly by Bluehost,
not Cloudflare. Any other suggestions?
2 months ago
Try accessing from an incognito window. Your browser may be caching stale data.
I'm able to access your site just fine.
Attachments
darseen
I didn't say that! I was referring to the custom domain setup when I said "it". But it could be misunderstood, I guess.
2 months ago
My bad haha. Misunderstood what you wrote then.
0x5b62656e5d
Try accessing from an incognito window. Your browser may be caching stale data. I'm able to access your site just fine. 
2 months ago
The custom domain is app.liluboutique.com
Getting SSL error when accessing it directly.
0x5b62656e5d
My bad haha. Misunderstood what you wrote then.
2 months ago
Nah you're good, I should've worded it better tbh.
liluboutik-collab
The custom domain is [app.liluboutique.com](http://app.liluboutique.com) Getting SSL error when accessing it directly.
2 months ago
The content of your TXT record is malformed. Try removing the TXT record, copy what Railway provided, and add it back again.
0x5b62656e5d
The content of your TXT record is malformed. Try removing the TXT record, copy what Railway provided, and add it back again.
2 months ago
Sure! let me try that
Status changed to Awaiting User Response Railway • 2 months ago
liluboutik-collab
Sure! let me try that
2 months ago
Done! Removed and re-added the TXT record with the
exact value from Railway.
Two questions:
1. Should I enable CDN caching for the custom domain?
2. How long should I wait for the TXT ⚠ to turn green
after re-adding the record?
Thank you for your help!
Status changed to Awaiting Railway Response Railway • 2 months ago
liluboutik-collab
Done! Removed and re-added the TXT record with the exact value from Railway. Two questions: 1\. Should I enable CDN caching for the custom domain? 2\. How long should I wait for the TXT ⚠ to turn green after re-adding the record? Thank you for your help!
2 months ago
Did you click the copy button in Railway? Or did you just select the shown text and Ctrl/Cmd + C?
You should be clicking the copy button to the right of the text string.
FYI, your TXT record currently ends with “…” when it shouldn’t.
2 months ago
Update from Bluehost support:
"The DNS records are correctly pointed. The subdomain
app.liluboutique.com is not pointing to Bluehost server
at all.
SSL certificate needs to be activated from
Railway's end."
So the DNS is correct on Bluehost side.
The issue is Railway needs to issue the SSL certificate.
Is there anything I can do on Railway's side to trigger
the SSL certificate generation?
liluboutik-collab
Update from Bluehost support: "The DNS records are correctly pointed. The subdomain [app.liluboutique.com](http://app.liluboutique.com) is not pointing to Bluehost server at all. SSL certificate needs to be activated from Railway's end." So the DNS is correct on Bluehost side. The issue is Railway needs to issue the SSL certificate. Is there anything I can do on Railway's side to trigger the SSL certificate generation?
2 months ago
When you provided the TXT record to be added, did it contain “…”?
0x5b62656e5d
When you provided the TXT record to be added, did it contain “…”?
2 months ago
The full TXT value is:
railway-verify=4c1db8d459a738d9b8ae047969dbad22a2273f29185dd19cc6ec2e1d4c046e6d
No "..." - this is the complete value. I copied it
directly from Railway this time.
2 months ago
Railway should automatically detect the changes and issue the certificate within a few minutes, but it may take up to a few hours (rare but happens). If it doesn’t by then, try removing the domain from Railway, wait for ~10-15 mins, then re-add it again. Update DNS records as necessary.
0x5b62656e5d
Railway should automatically detect the changes and issue the certificate within a few minutes, but it may take up to a few hours (rare but happens). If it doesn’t by then, try removing the domain from Railway, wait for \~10-15 mins, then re-add it again. Update DNS records as necessary.
2 months ago
Update: app.liluboutique.com is now accessible!
However it's showing "Not Secure" - SSL certificate
not yet issued.
Is this expected? Will Railway auto-issue the SSL
certificate now that the domain is resolving correctly?
Thank you for all your help!
2 months ago
The domain app.liluboutique.com is resolving correctly
but http:// is not redirecting to https:// automatically.
Railway URL (web-production-fbca5.up.railway.app) works
fine with HTTPS.
Is there a way to force HTTP → HTTPS redirect for custom
domains on Railway? Or does Railway handle this automatically?
0x5b62656e5d
Railway should automatically detect the changes and issue the certificate within a few minutes, but it may take up to a few hours (rare but happens). If it doesn’t by then, try removing the domain from Railway, wait for \~10-15 mins, then re-add it again. Update DNS records as necessary.
2 months ago
Resolved! It was a browser cache issue.
Working perfectly in incognito and after clearing cache.
https://app.liluboutique.com is now live with
full SSL (🔒 green padlock)!
Thank you so much for all your help!
Especially @0x5b62656e5d
Status changed to Solved Railway • 2 months ago
