Hi Railway team,I’m trying to attach a custom domain to a Railway service, but TLS certificate issuance keeps failing and seems stuck on validation.SetupPlatform: RailwayService: FastAPI backendRuntime: Python 3.12Region: us-west2Port: 8080 (Railway-detected, working)Public Railway domain works correctly:https://closeready-backend-production.up.railway.appCustom domainDomain: api.closeready.caDNS provider & registrar: CloudflareDNS record:Type: CNAME Name: api Target: 6tanr2cf.up.railway.app Proxy: DNS only (gray cloud) TTL: AutoNo other A / AAAA records for api.closeready.caCurrent behaviorRailway shows:Certificate Authority is validating challengesAfter retry:Failed to issue TLS certificate – An internal error occurredClicking Try Again does not resolve itDeleting and re-adding the domain does not helpWaited 10+ minutes multiple timesDNS verificationFrom multiple resolvers:nslookup api.closeready.ca → resolves successfullyNotesThe service itself is healthy and reachable via the Railway-generated domainThis appears to be isolated to TLS issuance / ACME validationNo Cloudflare proxy or HTTPS redirect is enabled for this subdomainCould you please help check whether there is an issue with certificate issuance on Railway’s side for this domain?Thanks in advance!

Failed to issue TLS certificate for custom domain with Cloudflare CNAME (DNS only)

fieldwisegroup

HOBBYOP

2 months ago

Hi Railway team,

I’m trying to attach a custom domain to a Railway service, but TLS certificate issuance keeps failing and seems stuck on validation.

Setup

Platform: Railway
Service: FastAPI backend
Runtime: Python 3.12
Region: us-west2
Port: 8080 (Railway-detected, working)

Public Railway domain works correctly:

https://closeready-backend-production.up.railway.app

Custom domain

Domain: api.closeready.ca
DNS provider & registrar: Cloudflare

DNS record:

Type: CNAME
Name: api
Target: 6tanr2cf.up.railway.app
Proxy: DNS only (gray cloud)
TTL: Auto

No other A / AAAA records for api.closeready.ca

Current behavior

Railway shows:
Certificate Authority is validating challenges
After retry:
Failed to issue TLS certificate – An internal error occurred
Clicking Try Again does not resolve it
Deleting and re-adding the domain does not help
Waited 10+ minutes multiple times

DNS verification

From multiple resolvers:

nslookup api.closeready.ca
→ resolves successfully

Notes

The service itself is healthy and reachable via the Railway-generated domain
This appears to be isolated to TLS issuance / ACME validation
No Cloudflare proxy or HTTPS redirect is enabled for this subdomain

Could you please help check whether there is an issue with certificate issuance on Railway’s side for this domain?

Thanks in advance!

Solved

3 Replies

ray-chen

EMPLOYEE

2 months ago

Your domain has been suspended by ICANN. If you visit http://api.closeready.ca/ (without HTTPS), you'll see the notice message:

This domain has been suspended due to non-completion of an ICANN-mandated contact verification.

You'll have to reach out to your domain registrar to resolve this.

Status changed to Awaiting User Response Railway • about 2 months ago

anatrova

HOBBY

2 months ago

Hey I'm experiencing the same error.

Project id: a8ea7b15-9018-41db-8ba5-d8a13d4dd491

I'm using namecheap!

Attachments

IMG_7958.jpeg

Status changed to Awaiting Railway Response Railway • about 2 months ago

anatrova

Hey I'm experiencing the same error.Project id: a8ea7b15-9018-41db-8ba5-d8a13d4dd491I'm using namecheap!

angelo-railway

EMPLOYEE

2 months ago

That is a different issue, please open a new ticket for your issue.

Status changed to Awaiting User Response Railway • about 2 months ago

Railway

BOT

a month ago

This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!

Status changed to Solved Railway • about 1 month ago