6 days ago
Hi Railway team,
I have three custom domains on my project that all return {"status":"error","code":404,"message":"Application not found"} from Railway's edge, despite the Railway dashboard/API showing certificateStatus: VALID and successful deployments.
Project details
Project ID: 521bcef6-83f9-4085-8b98-86a7969e51ea
Environment ID: 256a9e5e-25fb-41b0-b7b0-1201cf33439f
Project name: Shlink Short Links
Affected custom domains
admin.goproactive.uk → Caddy service (ID 3d72d4b5-fe3a-44e3-96b7-bd6c87e18d31), targetPort 8080
links.goproactive.uk → Shlink service (ID 2c1bf774-b8c1-4e9a-a506-023bbeacbb3f), targetPort 8080
goproactive.uk (apex, via Cloudflare CNAME flattening) → same Shlink service, targetPort 8080
Recent request IDs (all returned Application not found from Railway edge)
XBpwv1MOT66vT5tSn6XIxQ (goproactive.uk)
-7IahYPRQmK0jufy-_9nXA (admin.goproactive.uk)
qzZAgJeLT-W6MKrc2prcFg (links.goproactive.uk)
Symptoms
TLS handshake succeeds; Railway serves the correct per-hostname cert (verified subject=CN=admin.goproactive.uk and subject=CN=links.goproactive.uk via openssl)
Cert status via GraphQL: CERTIFICATE_STATUS_TYPE_VALID
But every HTTP request to the hostname returns the "Application not found" JSON error
Requests to the underlying Railway-generated URLs (caddy-auth-production-3e09.up.railway.app, shlink-production-a692.up.railway.app) work perfectly — services are healthy
Behaviour indicates the edge has TLS termination for these hostnames but is missing the hostname→service routing entry
Suspicious signal
Deployment records show staticUrl: "admin.goproactive.uk" and staticUrl: "links.goproactive.uk" — I'd expect staticUrl to hold the Railway-generated *.up.railway.app domain, not the custom domain. This may indicate corrupted internal state.
What I've tried (unsuccessful)
customDomainIssueCertificate mutation on all three IDs (certs became VALID but edge still 404s)
Delete + re-create the custom domains (which rotated to new required CNAME targets; DNS at DNS provider updated accordingly)
Multiple serviceInstanceRedeploy cycles on both services
customDomainUpdate to explicitly set targetPort: 8080
Full DNS migration from Heart Internet to Cloudflare (nameservers now anastasia.ns.cloudflare.com / brian.ns.cloudflare.com; all Railway-required CNAME targets present, DNS-only/grey-cloud)
DNS verification
Cloudflare authoritative NS returns correct records:
admin.goproactive.uk CNAME → ac833s3s.up.railway.app
links.goproactive.uk CNAME → fymcktz6.up.railway.app
goproactive.uk (apex, CNAME-flattened) → pighjxu5.up.railway.app resolves to 69.46.46.71
Railway API shows dns_status: PROPAGATED for admin and links; apex shows REQUIRES_UPDATE (likely because CNAME-flattening returns an A record — a known limitation with apex-on-Cloudflare + Railway custom domains, but the underlying resolution is correct and the cert would be issuable via HTTP-01 challenge)
Request
Could you please clear whatever internal state is preventing edge routing for these three domains? If the fix involves rebuilding the domain entries entirely, please advise and I can delete/re-add — but I've already done that twice with no change, so I suspect there's project-scoped state that needs manual intervention.
Happy to provide any additional info. Thanks in advance.
Pinned Solution
6 days ago
You need to add TXT records to _railway_verify.<DOMAIN> where <DOMAIN> is the domain you're trying to use. You can find the content for the TXT record from the veriifcationToken property under status.
2 Replies
6 days ago
This thread has been opened as a public bounty so the community can help solve it. The thread and any further activity are now visible to everyone.
Status changed to Open Railway • 6 days ago
6 days ago
You need to add TXT records to _railway_verify.<DOMAIN> where <DOMAIN> is the domain you're trying to use. You can find the content for the TXT record from the veriifcationToken property under status.
Status changed to Solved sigower42 • 6 days ago
