remove the domain from railway, delete the cname from your dns, wait like 5-10 mins, then add everything back fresh. should verify in seconds to a few minutes max

also check whatsmydns.net to make sure your records are actually propagating globally. if you have dnssec enabled try disabling it, that can mess with railway's verification

if it keeps happening consider switching your nameservers to cloudflare, lot of railway users report better stability with that setup

Railway periodically re‑checks the DNS record used for your custom domain. If it stops seeing the exact CNAME it expects (because of a proxy like Cloudflare, conflicting records, or DNS reset), it will show “add DNS records” again. Please verify via an external DNS tool that your CNAME points to the Railway value, ensure it’s “DNS only” (not proxied), remove and re‑add the domain in Railway to force a fresh check, and allow up to 24–48 hours if you recently changed DNS TTLs.

I successfully added and verified my custom domain, and in the Railway dashboard I saw the message “Issuing certificate for domain”.

However, when I accessed the domain, HTTPS was not active. The browser showed the site as “Not Secure” (the typical warning you get when a site doesn’t have a valid SSL certificate).

Today, Railway is asking me to verify the domain again, even though it was already verified before.

when railway said "issuing certificate" but https didn't work, that means the cert issuance actually failed. when that happens railway resets and asks you to verify again, which is what you're seeing now

i think the cert failed during issuance which caused the verification reset. make sure your cname is set to 'dns only' (not proxied if using cloudflare), disable dnssec if enabled, then remove domain from railway, remove cname, wait 5-10 mins, and add everything back fresh

I thought so.. but is the second time it fails. So even if I do the same process again it will fail.
My concern is why it failed.

I'll try again as you say, my last theory is that something is collapsing

what dns provider are you using? if it's namecheap, hostinger, or godaddy, dnssec is the likely culprit.

also double check if you're using cloudflare ;if the orange cloud (proxy) is enabled, railway may not always be able to issue a certificate. it needs to be "dns only" mode (gray cloud)

so the root cause of your repeated failures is most likely one of these two things blocking railway's certificate validation process

it's cloudflare but we didn't have any issue for another environment, that's why.

I'm pretty sure that DNS is collapsing between the oauth provider we are using and railway backend.

okay so since you have another environment working fine with the same setup, this is likely specific to this particular domain

a common cause of repeated certificate failures like this is CAA records. railway uses let's encrypt to issue certificates. if your domain has a CAA record that doesn't include "letsencrypt.org", railway won't be able to issue the cert

check your dns for caa records using a tool like https://www.nslookup.io/caa-lookup/ or just run dig yourdomain.com CAA

if you see any caa records that don't include letsencrypt.org, that's your problem. you need to either:

-add a caa record: 0 issue "letsencrypt.org"

- or remove all caa records if you don't need that level of control

since you mentioned oauth, some oauth providers or security tools automatically add caa records during setup which could explain why this domain is affected but your other environment isn''t

also double check cloudflare ssl mode is set to "full" not "full strict" ;; we already covered the proxy thing but the ssl mode matters too

thanks for the help!

I did what you told me and now it got stuck in "Validating domain ownership".

Any clue? it's stuck since Wednesday

try this:

1. in cloudflare, purge/flush all dns cache for your domain

2. check if there are any old _acme-challenge txt records in cloudflare and delete them (these are leftover from previous cert attempts)

3. in cloudflare, make sure universal ssl is enabled and ssl mode is set to "full" (not full strict)

4. remove the domain from railway completely

5. wait 5 mins

6. add it back to railway

the _acme-challenge records are what railway uses to validate ownership and cloudflare sometimes caches stale ones that block validation. one user had to contact cloudflare support about stale txt records that railway had no control over Railway

if that doesn't work after 24h, it might be a cloudflare-side caching issue you'll need to contact their support about

I’ve already configured my DNS records with Network Solutions, which is where I purchased the domain. The records are set exactly as required on their side, and DNS has had sufficient time to propagate.

Despite this, Railway is still showing “Configure DNS Records – To finish setting up your custom domain, the records have not yet been detected.” There’s no indication of which record is supposedly missing or incorrect, so I’m stuck in a loop where everything appears correct externally, but Railway won’t acknowledge it.

The extra frustration here is the lack of any real-time support. There’s no chat, no live rep, no way to quickly confirm whether this is a propagation delay, a validation issue on Railway’s end, or something specific to Network Solutions. For an infrastructure platform, that’s… a bold choice.

If anyone from Railway is monitoring this, or if other users have run into the same Network Solutions → Railway DNS detection issue, I’d appreciate clarity on:

• how often Railway rechecks DNS,

• whether there’s a known delay or caching issue,

• or how to force a re-verification.

Right now, everything is configured, yet the system insists it isn’t, and I’m left arguing with a status message instead of a human.

I wasn't able to make it work, we ended up using the url that railways gives you.