a month ago
Hello Railway team,
I'm having an issue with SSL certificate issuance for my custom domain.
Project: energetic-rebirth
Service: kayn-ma (production)
Custom domain: https://www.cayn.ma
Current status:
- The service is online and accessible via:
  kayn-ma-production.up.railway.app
- The custom domain www.cayn.ma is added in Railway
- Railway shows: "Waiting for DNS update"
- SSL is not issued, browser shows: NET::ERR_CERT_COMMON_NAME_INVALID
DNS configuration (via NindoHost):
- CNAME:
  Host: www
  Target: n4dip9ol.up.railway.app
  TTL: 300
- TXT:
  _railway-verify = railway-verify=738511b34d59c86d24f2bffb669f4fc074682d38682aecca183e0a00e78bf91c
DNS checks confirm the CNAME resolves correctly:
www.cayn.ma → n4dip9ol.up.railway.app
Additionally:
- A 301 redirect is configured at the registrar level:
- No conflicting A records exist
- No proxy/CDN (Cloudflare) is used
Despite this, Railway does not complete domain verification and SSL is not provisioned.
Could you please:
1) Manually re-check DNS verification for this domain
2) Force SSL certificate issuance if possible
3) Confirm if any additional DNS record is required for .ma domains
Thank you for your help.
1 Replies
23 days ago
Hey, NET::ERR_CERT_COMMON_NAME_INVALID confirms Railway hasn't issued the cert yet because it's still stuck on DNS verification. Once that passes, SSL should auto-provision. Many DNS providers handle the host field differently: some need _railway-verify and others need _railway-verify.cayn.ma as the full hostname. If Railway can't see the TXT record, it won't verify the domain and SSL never provisions. The .ma TLD can also have quirks with propagation.
PS: I am not from Railway!
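
The host-field difference described in the reply above can be checked by looking up the TXT record at each name it could have landed on. This is an added example, not part of the thread and not Railway's tooling; the function names are hypothetical, live lookups assume the `dig` CLI, and `example.com` and the token are constructed placeholders.

```python
import subprocess

def dig_txt(name):
    """Live lookup: TXT strings at `name` (assumes the `dig` CLI and network access)."""
    out = subprocess.run(["dig", "+short", "TXT", name],
                         capture_output=True, text=True, timeout=10).stdout
    return [line.strip().strip('"') for line in out.splitlines() if line.strip()]

def candidate_names(host_field, zone):
    """Map each name the record may have landed on to what that placement means."""
    host, zone = host_field.rstrip(".").lower(), zone.rstrip(".").lower()
    # Reduce the input to the relative label, whichever form was typed.
    label = host[: -len(zone) - 1] if host.endswith("." + zone) else host
    return {
        f"{label}.{zone}": "zone appended once",
        f"{label}.{zone}.{zone}": "zone appended twice",
    }

def locate_txt(host_field, zone, token, lookup=dig_txt):
    """Return (name, placement, value_state) for every candidate name holding the token."""
    found = []
    for name, placement in candidate_names(host_field, zone).items():
        for value in lookup(name):
            if value == token:
                found.append((name, placement, "exact"))
            elif token in value:
                # e.g. stray quotes or a pasted "host = value" string
                found.append((name, placement, "altered"))
    return found

if __name__ == "__main__":
    # Constructed sample: a provider that appended the zone to a full hostname.
    TOKEN = "railway-verify=EXAMPLE-TOKEN"
    fake_dns = {"_railway-verify.example.com.example.com": [TOKEN]}
    hits = locate_txt("_railway-verify.example.com", "example.com", TOKEN,
                      lookup=lambda n: fake_dns.get(n, []))
    for name, placement, state in hits or [("(none)", "record not visible", "-")]:
        print(f"{name}: {placement}, value {state}")
```

An empty result means the token is not visible at either name, which matches the "Waiting for DNS update" state; a hit under "zone appended twice" means the host field should hold only the relative label.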