Hi Railway team, I’m trying to attach a custom domain to a Railway service, but TLS certificate issuance keeps failing and seems stuck on validation. ### Setup * Platform: **Railway** * Service: **FastAPI backend** * Runtime: **Python 3.12** * Region: **us-west2** * Port: **8080 (Railway-detected, working)** * Public Railway domain works correctly: ``` https://closeready-backend-production.up.railway.app ``` ### Custom domain * Domain: `api.closeready.ca` * DNS provider & registrar: **Cloudflare** * DNS record: ``` Type: CNAME Name: api Target: 6tanr2cf.up.railway.app Proxy: DNS only (gray cloud) TTL: Auto ``` * No other A / AAAA records for `api.closeready.ca` ### Current behavior * Railway shows: > **Certificate Authority is validating challenges** * After retry: > **Failed to issue TLS certificate – An internal error occurred** * Clicking **Try Again** does not resolve it * Deleting and re-adding the domain does not help * Waited 10+ minutes multiple times ### DNS verification From multiple resolvers: ``` nslookup api.closeready.ca → resolves successfully ``` ### Notes * The service itself is healthy and reachable via the Railway-generated domain * This appears to be isolated to TLS issuance / ACME validation * No Cloudflare proxy or HTTPS redirect is enabled for this subdomain Could you please help check whether there is an issue with certificate issuance on Railway’s side for this domain? Thanks in advance!

Failed to issue TLS certificate for custom domain with Cloudflare CNAME (DNS only)

fieldwisegroup

HOBBYOP

4 months ago

Hi Railway team,

I’m trying to attach a custom domain to a Railway service, but TLS certificate issuance keeps failing and seems stuck on validation.

Setup

Platform: Railway
Service: FastAPI backend
Runtime: Python 3.12
Region: us-west2
Port: 8080 (Railway-detected, working)
Public Railway domain works correctly:

https://closeready-backend-production.up.railway.app

Custom domain

Domain: api.closeready.ca
DNS provider & registrar: Cloudflare
DNS record:

Type: CNAME  
Name: api  
Target: 6tanr2cf.up.railway.app  
Proxy: DNS only (gray cloud)  
TTL: Auto

No other A / AAAA records for api.closeready.ca

Current behavior

Railway shows:

Certificate Authority is validating challenges

After retry:

Failed to issue TLS certificate – An internal error occurred

Clicking Try Again does not resolve it
Deleting and re-adding the domain does not help
Waited 10+ minutes multiple times

DNS verification

From multiple resolvers:

nslookup api.closeready.ca
→ resolves successfully

Notes

The service itself is healthy and reachable via the Railway-generated domain
This appears to be isolated to TLS issuance / ACME validation
No Cloudflare proxy or HTTPS redirect is enabled for this subdomain

Could you please help check whether there is an issue with certificate issuance on Railway’s side for this domain?

Thanks in advance!

Solved

3 Replies

ray-chen

EMPLOYEE

4 months ago

Your domain has been suspended by ICANN. If you visit http://api.closeready.ca/ (without HTTPS), you'll see the notice message:

This domain has been suspended due to non-completion of an ICANN-mandated contact verification.

You'll have to reach out to your domain registrar to resolve this.

Status changed to Awaiting User Response Railway • 4 months ago

anatrova

HOBBY

4 months ago

Hey I'm experiencing the same error.

Project id: a8ea7b15-9018-41db-8ba5-d8a13d4dd491

I'm using namecheap!

Attachments

IMG_7958.jpeg

Status changed to Awaiting Railway Response Railway • 4 months ago

anatrova

Hey I'm experiencing the same error. Project id: a8ea7b15-9018-41db-8ba5-d8a13d4dd491 I'm using namecheap!

angelo-railway

EMPLOYEE

4 months ago

That is a different issue, please open a new ticket for your issue.

Status changed to Awaiting User Response Railway • 4 months ago

Railway

BOT

4 months ago

This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!

Status changed to Solved Railway • 4 months ago

Welcome!