Custom domain SSL stuck at "Validating Ownership" — DNS propagated, all checks pass
saiman-cl
HOBBYOP

2 months ago

Project: noble-fulfillment (Hobby plan, upgraded from Trial today)

Domains: clio.cachelabs.io, staging.clio.cachelabs.io

Both custom domains have been stuck at "Validating Ownership" for 2+ hours.

What I've verified:

- DNS fully propagated (Railway API confirms DNS_RECORD_STATUS_PROPAGATED)

- CNAME records pointing to Railway's required targets, Cloudflare DNS-only mode (proxy off)

- No CAA records blocking Let's Encrypt

- DNSSEC disabled

- HTTP on port 80 reachable (returns 404 from Railway as expected for ACME challenge path)

- Zero certs ever issued for these subdomains (checked crt.sh)

- Other *.cachelabs.io subdomains have gotten Let's Encrypt certs successfully in the past

$10 Bounty

2 Replies

Status changed to Awaiting Railway Response Railway 2 months ago


2 months ago

Both of your custom domains are missing the required TXT verification record. The CNAME records are set correctly, but each domain also needs a TXT record for ownership verification.

Check your custom domain settings in the Railway dashboard for the exact record name and value for each domain, then add them in your DNS provider. Certificates will be issued automatically once the TXT records are detected.


Status changed to Awaiting User Response Railway 2 months ago


Status changed to Open brody 2 months ago


goodie323
FREE

2 months ago

If your domain is stuck at “Validating Ownership” despite correct DNS, it’s usually not a DNS issue but a stuck SSL (Let’s Encrypt) issuance process on Railway.

  • SSL provisioning normally completes within ~1 hour, but can take longer in some cases
  • If DNS is fully propagated and correct, the most common causes are:
    • stale/failed certificate job
    • conflicting DNS records (A/AAAA + CNAME)
    • Cloudflare interference

🔧 Fix (most reliable)

  1. Ensure only a CNAME exists (no A/AAAA records)
  2. Remove the custom domain
  3. Wait a few minutes
  4. Re-add it to trigger a fresh certificate issuance
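
The DNS preconditions raised across this thread (correct CNAME, no A/AAAA beside it, the TXT verification record, CAA not excluding Let's Encrypt), as an added example that is not part of any post and is not Railway's code. It runs over an in-memory record set; every name, target and token below is a constructed placeholder, and the real TXT name and value are whatever the Railway dashboard shows for the domain.

```python
# Constructed sample records: {(name, rtype): [values]}. Placeholders only,
# not the records from the thread.
SAMPLE_ZONE = {
    ("app.example.test", "CNAME"): ["abc123.up.example-host.test."],
    ("app.example.test", "A"): ["203.0.113.10"],
    ("example.test", "CAA"): ['0 issue "digicert.com"'],
}

def caa_allows(zone, name, ca="letsencrypt.org"):
    """RFC 8659: the closest ancestor with a CAA RRset decides; none means allowed."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get((".".join(labels[i:]), "CAA"))
        if rrset:
            issuers = []
            for rr in rrset:
                _flags, tag, value = rr.split(None, 2)
                if tag.lower() == "issue":
                    # Drop quotes and any ";param=..." suffix; 'issue ";"' yields ""
                    issuers.append(value.strip('"').split(";")[0].strip().lower())
            # An RRset with no "issue" tags does not restrict issuance
            return not issuers or ca in issuers
    return True

def preflight(zone, name, cname_target, txt_name, txt_value):
    """Return the problems that would keep ownership validation pending."""
    problems = []
    cnames = [t.rstrip(".").lower() for t in zone.get((name, "CNAME"), [])]
    if cnames != [cname_target.rstrip(".").lower()]:
        problems.append("cname-missing-or-wrong")
    if zone.get((name, "A")) or zone.get((name, "AAAA")):
        problems.append("address-record-alongside-cname")
    txts = [t.strip('"') for t in zone.get((txt_name, "TXT"), [])]
    if txt_value not in txts:
        problems.append("txt-verification-missing")
    if not caa_allows(zone, name):
        problems.append("caa-blocks-letsencrypt")
    return problems

if __name__ == "__main__":
    # txt_name / txt_value are hypothetical; copy the real pair from the dashboard
    for p in preflight(SAMPLE_ZONE, "app.example.test", "abc123.up.example-host.test",
                       "_verify.app.example.test", "token-placeholder"):
        print(p)
```

To run it against live DNS, build the dictionary from the resolver answers for each name and type instead of the constructed sample.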
