a month ago
Hi — our custom domain has been stuck in VALIDATING_OWNERSHIP for over 30 minutes despite all DNS
records being propagated and visible via Google's public DNS.
Project: DAGO HR (2ea5c827-3911-452e-85b4-baeda252a526)
Service: frontend (1f9e7f7d-7e3b-43da-91ad-fb4715bc1da5)
Custom domain: job.dagoexpress.com (id 7c95d3e3-0580-427d-b2a8-2113a79924ce)
What I did:
1. Set CNAME job → l3buje1q.up.railway.app in Cloudflare, DNS only (not proxied).
2. Added required TXT record _railway-verify.job with value
railway-verify=07951c2774942bfbcb9a12485758c314e51ccd81ab7870ce4e9759cc2a0e9e23, also DNS only.
What I can verify:
- dig @8.8.8.8 job.dagoexpress.com CNAME → l3buje1q.up.railway.app.
- dig @8.8.8.8 _railway-verify.job.dagoexpress.com TXT → correct token
- Via your GraphQL API the CNAME shows DNS_RECORD_STATUS_PROPAGATED but the TXT record doesn't
appear in dnsRecords at all, and verified: false, certificateStatus:
CERTIFICATE_STATUS_TYPE_VALIDATING_OWNERSHIP.
What I tried:
- customDomainUpdate with same targetPort (no re-check triggered).
- Waited 20+ minutes.
My suspicion is that Let's Encrypt hit a cooldown after a failed validation attempt while DNS was
still propagating. Could you please trigger a manual re-verification on your side, or advise if I
should delete and recreate the custom domain?
Thanks!
Pinned Solution
a month ago
IIRC each hostname has a rate limit of 5 certificates per week. This is enforced by Let's Encrypt, not Railway. If you did hit this limit, you'd need to wait until next week for the limit to reset.
If the limit isn't reached yet, I'd try removing the domain from Railway and associated records from your DNS provider, waiting ~10-15 mins, then re-add them back.
1 Replies
a month ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open Railway • 30 days ago
a month ago
IIRC each hostname has a rate limit of 5 certificates per week. This is enforced by Let's Encrypt, not Railway. If you did hit this limit, you'd need to wait until next week for the limit to reset.
If the limit isn't reached yet, I'd try removing the domain from Railway and associated records from your DNS provider, waiting ~10-15 mins, then re-add them back.
Status changed to Solved 0x5b62656e5d • 4 days ago