Error code 525 - SSL handshake failed for multiple domains
kokholm
PROOP

8 days ago

Solved

30 Replies

Status changed to Awaiting Railway Response Railway 8 days ago


dizzydes90
EMPLOYEE

8 days ago

Investigating now, will update


Status changed to Awaiting User Response Railway 8 days ago


plinpod
PRO

8 days ago

Same issue. Looks like it's specifically for sub-domains for me

Service IDs

e64f9d88-c3f6-4ad8-b7bf-32d7cd8bdebd

f834b589-619a-4dc0-be5f-9d97526f4aba

b0192684-9db3-4193-aa4d-8f9614d20273


Status changed to Awaiting Railway Response Railway 8 days ago


kokholm
PROOP

8 days ago

Happened 20 minutes ago on 4 of our around 16 (primary) domains.

Redeploy did nothing


dizzydes90
EMPLOYEE

8 days ago

We can see the TLS certificates for several of your custom domains are currently being re-issued, which explains the 525 SSL handshake errors. Your domains are verified and DNS is correctly configured through Cloudflare. The certificate re-issuance should complete shortly. We will continue to monitor and if the issue persists beyond 15-20 minutes we will go further.


Status changed to Awaiting User Response Railway 8 days ago


kokholm
PROOP

8 days ago

Not subdomains for me, and I see no differences between some of the identical setup websites (same code, same overall setup - but other service/projects) anywhere. Not in Cloudflare either.

We have 3 main projects, and 2 of the issues are in one of them, the other in another, where the third project is unaffected for now.

All identical setup in Railway and Cloudflare.

And again, no subdomain.


Status changed to Awaiting Railway Response Railway 8 days ago


dizzydes90
EMPLOYEE

8 days ago

It's related to a Cloudflare issue: https://new.cloudflarestatus.com/incidents/j17t8xz91xs0

Please disable Cloudflare's proxy (orange -> grey cloud) to resolve this.


Status changed to Awaiting User Response Railway 8 days ago


kokholm
PROOP

8 days ago

Proxy removed on all. Waiting to see improvements.


Status changed to Awaiting Railway Response Railway 8 days ago


Status changed to Awaiting User Response Railway 8 days ago


kokholm
PROOP

8 days ago

I can now access the www. versions of the 3 affected domains (but OFC I get warned about non secure connection and NO users will click through that), also the non www domain still doesn't work - and that is what we mainly use.

So for all intents and purposes, the 3 affected sites are still 100% down for us


Status changed to Awaiting Railway Response Railway 8 days ago


th3impal3r
PRO

8 days ago

I am having issues as well with this and our production website is down.


kokholm
PROOP

8 days ago

Agree with other thread, a 16 hour old Cloudflare issue (although not resolved), seems strange that this is now suddenly an issue.


th3impal3r
PRO

8 days ago

It looks like railway changed our service public URL out of nowhere?


kokholm

I can now access the www. versions of the 3 affected domains (but OFC I get warned about non secure connection and NO users will click through that), also the non www domain still doesn't work - and that is what we mainly use. So for all intents and purposes, the 3 affected sites are still 100% down for us

8 days ago

Hello, I checked from our side and it looks like we don't have valid certificates for either of your domains. This is usually caused by a proxy like Cloudflare blocking access to /.well-known, or domains not pointing to the correct TXT/CNAME records. So, while Cloudflare flexible mode used to mask this error for you, it's now broken due to the Cloudflare incident, and you cannot fall back to our edge due to the fact we don't have TLS certificates for your domains.

To fix this immediately, you can remove and re-add the domains to Railway, and the certificates should be automatically re-issued for your domains - it might take a few minutes to propagate.


Status changed to Awaiting User Response Railway 8 days ago
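The reply above attributes the 525 to the origin having no valid certificate for the custom domain once the proxy could no longer mask it. As an added example (not part of the thread and not Railway's or Cloudflare's tooling), this Python sketch checks that condition directly: `probe_origin` handshakes with the origin using the custom domain as SNI, and `assess` classifies the certificate it presents. The function names, the `origin` argument (the CNAME target your platform gives you) and `SAMPLE_CERT` are assumptions made for illustration.

```python
import socket, ssl, time

def san_matches(cert, hostname):
    """True if a DNS subjectAltName in a getpeercert() dict covers hostname."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label, never the apex itself.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def assess(cert, hostname, now, warn_days=14):
    """Classify a validated peer certificate for hostname at epoch time now."""
    if not cert:
        return "no-certificate"
    if not san_matches(cert, hostname):
        return "name-mismatch"
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        return "expired"
    return "expiring-soon" if days_left < warn_days else "ok"

def probe_origin(origin, hostname, port=443, timeout=5):
    """Handshake with the origin directly, sending hostname as SNI (needs network)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((origin, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return assess(tls.getpeercert(), hostname, time.time())
    except ssl.SSLCertVerificationError as exc:
        return "verify-failed: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "handshake-failed: " + str(exc)

# Constructed sample in ssl.getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun 15 12:00:00 2030 GMT",
}
```

With the sample certificate the apex `example.com` is reported as `name-mismatch`, because a wildcard does not cover it, so the root and `www` names each need their own check.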


plinpod
PRO

8 days ago

I tried to remove and re-add the domain for my services, and it didn't help. Changing my SSL to flexible causes an ERR_TOO_MANY_REDIRECTS error


Status changed to Awaiting Railway Response Railway 8 days ago


kokholm
PROOP

8 days ago

I have removed the records on cloudflare (root/@ and www), and added them again.

A few minutes later and still no improvements


kokholm

I have removed the records on cloudflare (root/@ and www), and added them again. A few minutes later and still no improvements

8 days ago

You need to disable the Cloudflare proxy when you add the DNS records to Cloudflare.


Status changed to Awaiting User Response Railway 8 days ago


kokholm
PROOP

8 days ago

Done, is on "Issuing TLS certificate" on railway interface.

Wait a few minutes and see I guess


Status changed to Awaiting Railway Response Railway 8 days ago


kokholm
PROOP

8 days ago

According to your interface, it switches between "Issuing TLS certificate" and "Cloudflare proxy detected", even though proxy is off


kokholm
PROOP

8 days ago

No matter what, no improvements


kokholm

No matter what, no improvements

th3impal3r
PRO

8 days ago

can you check that your public service URL in cloudflare is correct and it showed up exactly like your errors are


plinpod
PRO

8 days ago

Got it working on my side. I removed and re-added my domain on the railways service a second time and then made sure to delete then add the new CNAME record on the cloudflare side. Previously I just edited the original CNAME record.


th3impal3r

can you check that your public service URL in cloudflare is correct and it showed up exactly like your errors are

kokholm
PROOP

8 days ago

I guess you mean the public (custom) domain? Yes, it is correct for both root/@ and www


plinpod

Got it working on my side. I removed and re-added my domain on the railways service a second time and then made sure to delete then add the new CNAME record on the cloudflare side. Previously I just edited the original CNAME record.

kokholm
PROOP

8 days ago

I will try that again, I did remove it on cloudflare, but did not remove it in railway beforehand


plinpod

Got it working on my side. I removed and re-added my domain on the railways service a second time and then made sure to delete then add the new CNAME record on the cloudflare side. Previously I just edited the original CNAME record.

kokholm
PROOP

8 days ago

With or without cloudflare proxy?

By removing the domain from railway and adding it there again, I now get a TXT verify I did not have before. Perhaps that is the issue


kokholm

With or without cloudflare proxy? By removing the domain from railway and adding it there again, I now get a TXT verify I did not have before. Perhaps that is the issue

plinpod
PRO

8 days ago

With Cloudflare Proxy, SSL on Full. You do have to add a TXT verify along with your CNAME when you re-add the domain


kokholm
PROOP

8 days ago

Almost up now, not 100% working (root still does not work on one of them), some I had to add and remove multiple times. Some worked shortly after first complete removal (remove DNS in cloudflare, and domain in Railway)


kokholm
PROOP

8 days ago

Now this seems to work. Required full reset (Railway and Cloudflare) of DNS and by that adding TXT files.

In the meanwhile, lots of our other services (mostly internal, but also some customer facing) have gone up and down also.

Now it seems like the issue might be moving to other domains, and I can see those also do not have the TXT files (added years ago, before that was how Railway verified). But these seem periodic. So not sure if they are the same.

Do I really have to go through all our domains, remove them in cloudflare and railway and re-add them (with known downtime of a few minutes), or is this not related?

This is the most critical service I am talking about having some up and down, and where all don't have TXT (Other than one I just added now).

https://railway.com/project/5dfc53a8-dea9-46af-b0a0-536e51368af3/service/eca68ad2-7ea4-4e75-9918-6597e05b4fca/settings?groupId=e92470cb-d369-4045-83dc-34020040bd40&environmentId=2d2473e5-9346-4932-9ab3-7c2c014f8ba6


kokholm
PROOP

8 days ago

Screenshot 2026-06-02 at 20.41.48.png

Now I got it again. A few times, then after a few tries it disappeared.

So there is some issue.

And this was the specific (most important) domain I just removed and re-added to make sure it had the TXT

Screenshot 2026-06-02 at 20.42.59.png


8 days ago

I was getting the SSL handshake error, now the error is different. Getting a 421 misdirected request.


kokholm
PROOP

8 days ago

25 min without registered downtime now.

That is something at least...


8 days ago

What issue are you experiencing? I would recommend keeping the Cloudflare proxy disabled until their issue is resolved. You can track it here: https://new.cloudflarestatus.com/incidents/j17t8xz91xs0


Status changed to Awaiting User Response Railway 8 days ago


Railway
BOT

a day ago

This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!

Status changed to Solved Railway 1 day ago

