2 months ago
Project ID: e02a98ec-2d44-459c-b7e3-0b127d6d603b (mvptaxspain-final)
Environment ID: 97d9738e-913d-47d8-ba02-98ba899afc3c (production)
Service ID: c5ec3639-3fc6-4ef3-8282-84a900f4b3e5 (Frontend)
Custom Domain ID: d30d3e39-6152-4416-9f00-1fd22cd5216a
Domain: www.importcanariasfacil.com
Required CNAME target: 4x9yz9fd.up.railway.app
Summary:
My custom domain www.importcanariasfacil.com has been stuck in CERTIFICATE_STATUS_TYPE_VALIDATING_OWNERSHIP for over an hour, despite all DNS requirements being met. No Let's Encrypt certificate is being issued and there is no error surfaced in the API.
Current API state shows:
- certificateStatus: CERTIFICATE_STATUS_TYPE_VALIDATING_OWNERSHIP
- - certificateStatusDetailed: null
- - certificateErrorType: null
- - certificateErrorMessage: null
- - dnsRecords status: DNS_RECORD_STATUS_PROPAGATED
- - currentValue matches requiredValue: 4x9yz9fd.up.railway.app
External verification:
- Google Public DNS (8.8.8.8): www.importcanariasfacil.com resolves via CNAME to 4x9yz9fd.up.railway.app (TTL 150)
- - HTTP-01 challenge path reachable: http://www.importcanariasfacil.com/.well-known/acme-challenge/ reaches Railway edge (returns Railway 404)
- - No CAA records blocking Let's Encrypt
- - crt.sh: no certificate has been issued for www.importcanariasfacil.com
What I tried (none resolved it):
- customDomainUpdate port toggles (3000 <-> 8080) to nudge validation
- 2. Full customDomainDelete + customDomainCreate multiple times, updating the Strato CNAME to each newly assigned target each time
- 3. Deleted a stale _railway-verify.importcanariasfacil.com TXT record from a previously deleted custom domain; confirmed via Google DNS it is no longer live
- 4. Waited well beyond the expected Let's Encrypt HTTP-01 validation window
The certificateStatus never advances from VALIDATING_OWNERSHIP and no error is ever populated.
Ask: Could you please manually retrigger the ownership validation / certificate provisioning for custom domain d30d3e39-6152-4416-9f00-1fd22cd5216a, or advise what else I can do on my side to unblock issuance?
Thanks!
Pinned Solution
2 months ago
- You need to add TXT records. I ran
nslookupand I could not find any TXT records for_railway-verify.www. - If you wish to add
wwwas a domain, you will also need to add your root domain (importcanariasfacil.comin this case).- If your DNS provider does not support adding CNAME records to root domains, I highly suggest migrating to Cloudflare's DNS service.
1 Replies
Status changed to Awaiting Railway Response Railway • about 2 months ago
Status changed to Open Railway • about 2 months ago
2 months ago
- You need to add TXT records. I ran
nslookupand I could not find any TXT records for_railway-verify.www. - If you wish to add
wwwas a domain, you will also need to add your root domain (importcanariasfacil.comin this case).- If your DNS provider does not support adding CNAME records to root domains, I highly suggest migrating to Cloudflare's DNS service.
Status changed to Solved 0x5b62656e5d • 16 days ago