customDomain stuck in CERTIFICATE_STATUS_TYPE_VALIDATING_OWNERSHIP — DNS validated, second occurrence on same hostname
Anonymous
PRO · OP

20 days ago

Hi Railway team,

dev.familylawvoice.com (custom domain) has been stuck in CERTIFICATE_STATUS_TYPE_VALIDATING_OWNERSHIP for 30+ minutes despite DNS being correctly propagated. This is the second occurrence of the same stall on the same hostname.

Project: reliable-benevolence (f0de46e2-b9c0-4fae-bd0e-6f6a90de0016)
Environment: dev (c0a19628-b248-43a4-878c-972db5dbc43d)
Hostname: dev.familylawvoice.com
Current customDomain ID: 3521bd95-c73e-4995-b9b3-44bd4355f909
Attached service: Smokeball-1 API (14ed9db0-ba37-4e0c-992c-a04a9cfae3f7)
Edge ID (reused across both customDomains): edge-500b32d4e9aaa4d3ff91d6ebb54285cd

History
-------
- Previous customDomain ID 4d3e1e4e-0e5f-4e18-aecd-341edd23d448 for the same hostname stuck in VALIDATING_OWNERSHIP for ~7 days.
- Deleted via GraphQL customDomainDelete on 2026-05-01, recreated via customDomainCreate. Got the new ID above. Same edge-500b32d4... was reused by Railway.
- New customDomain required CNAME dev -> 0w42nm4b.up.railway.app (different from the prior 4d3e1e4e... domain's required CNAME).
- Updated Namecheap CNAME on 2026-05-02 ~15:00 UTC.
- Public DNS propagated within seconds on Google (8.8.8.8), Cloudflare (1.1.1.1), and local resolver.
- Railway acknowledged the new CNAME within ~3 minutes (currentValue == requiredValue == 0w42nm4b.up.railway.app, status DNS_RECORD_STATUS_PROPAGATED).
- Polled GraphQL customDomain.status.certificateStatus every 60s for 30 minutes. Status stayed at CERTIFICATE_STATUS_TYPE_VALIDATING_OWNERSHIP throughout, no error message ever surfaced.

Diagnostics already ruled out
-----------------------------
- CAA records on root familylawvoice.com and subdomain dev.familylawvoice.com: none. Let's Encrypt is allowed.
- AAAA records on dev.familylawvoice.com: none. No IPv6 mismatch with Railway's IPv4-only edge.
- A record resolution chain: dev.familylawvoice.com -> 0w42nm4b.up.railway.app -> 151.101.2.15 (Fastly, IPv4). Reaches the edge.
- Edge currently serving cert: subject=CN=*.up.railway.app, issuer=Certainly Intermediate R1. So the shared Railway wildcard is being served — no Let's Encrypt cert was ever issued for this hostname.

Inference
---------
DNS validation between Railway and Let's Encrypt appears to be the stuck step, but neither side surfaces an observable error through the GraphQL API. Given this is the second time the exact same hostname stalls in VALIDATING_OWNERSHIP indefinitely on the same project (and given the edgeId was reused on the recreate), I'd like to flag a likely platform-side issue rather than churn more state with another delete + recreate cycle.

Ask
---
Could you investigate why ALPN-01 / HTTP-01 challenge issuance is not progressing for customDomain 3521bd95-c73e-4995-b9b3-44bd4355f909? Anything I can run from my side to help? Happy to share GraphQL responses, the 30-minute poll log, or anything else.

Thanks!
Solved · $20 Bounty

Pinned Solution

You need to add a TXT record to _railway-verify.dev.familylawvoice.com. You can access the TXT content under the verificationToken property under status from the API.
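The diagnostics in the original post covered CNAME, CAA and AAAA records but not the ownership TXT record named in this solution. The following preflight check is an added example, not Railway's code and not written by anyone in the thread; it verifies both records before polling certificateStatus. The function names and the token value are hypothetical, and it assumes the TXT content must equal verificationToken exactly, as the solution states.

```python
import subprocess

def dig_short(name, rtype):
    """Default lookup: shells out to `dig +short` (needs network access)."""
    out = subprocess.run(["dig", "+short", rtype, name],
                         capture_output=True, text=True, check=False).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]

def txt_value(line):
    """Join the quoted chunks of one TXT answer: '"ab" "cd"' -> 'abcd'."""
    parts = line.split('"')
    return "".join(parts[1::2]) if len(parts) > 1 else line

def preflight(hostname, required_cname, verification_token, lookup=dig_short):
    """Return the DNS problems that would leave ownership validation pending."""
    problems = []
    cnames = [c.rstrip(".").lower() for c in lookup(hostname, "CNAME")]
    if required_cname.rstrip(".").lower() not in cnames:
        seen = ", ".join(cnames) or "none"
        problems.append(f"CNAME {hostname} is {seen}, expected {required_cname}")
    txt_name = f"_railway-verify.{hostname}"
    values = [txt_value(v) for v in lookup(txt_name, "TXT")]
    if not values:
        problems.append(f"TXT {txt_name} missing")
    elif verification_token not in values:
        problems.append(f"TXT {txt_name} does not match verificationToken")
    return problems

# Constructed sample data: the token is a placeholder, not a real value.
HOST = "dev.familylawvoice.com"
CNAME = "0w42nm4b.up.railway.app"
TOKEN = "example-verification-token"
BEFORE = {(HOST, "CNAME"): [CNAME + "."]}           # state described in the post
AFTER = dict(BEFORE)                                # state after the fix
AFTER[("_railway-verify." + HOST, "TXT")] = ['"example-verifi" "cation-token"']

def fake(zone):
    """Offline resolver over a constructed record table."""
    return lambda name, rtype: zone.get((name, rtype), [])

if __name__ == "__main__":
    print(preflight(HOST, CNAME, TOKEN, lookup=fake(BEFORE)))
    print(preflight(HOST, CNAME, TOKEN, lookup=fake(AFTER)))
```

Calling `preflight` without the `lookup` argument queries live DNS through `dig`; pass the token and required CNAME exactly as the API returns them.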

2 Replies

Railway
BOT

20 days ago

This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.

Status changed to Open Railway 20 days ago



Status changed to Awaiting User Response Railway 20 days ago


Anonymous
PRO · OP

20 days ago

Fixed! Thanks!


Status changed to Awaiting Railway Response Railway 20 days ago


Status changed to Solved Railway 20 days ago

