Also seeing this on our railway site

Me too
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

https://skivefolkeblad.dk/

We use cloudflare with proxy.

So looks like its releated to https://status.railway.com/cmlufoznv0c93wndfhvrp6k24
Even though it is not "up domains"

Ack, looking into it right now.

Yup we are experiencing the same.

We are seeing it only on our domain that goes through a CloudFlare tunnel.

All other domains seem to be ok (they still use Cloudflare proxy but not tunnel)

We're using cloudflare but not tunnels, and we're still seeing this error with all requests

Not sure about tunnels.
Dont think we use that either.

A few of our public services still works (which to me have the same proxied cloudflare setup).
Etc. https://hf.mhm-login.dk/

I have made a temp redirect in cloudflare to most important sites.

But kept some of them non directed if that is needed for any testing.
https://ditfjends.dk/

Yep, seems like a Fastly <> CF issue

Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue.

Do we have an ETR on this?
stacks.africa and africaawesome.com are our primary domains.
We're losing money here.

Does this mean it's a Railway issue or a Fastly/CF issue?

we're experiencing this issue as well is there anything we need to be doing?

wondering this as well

>Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue.

Brody can you provide more details here?

it sounds like what you're saying is that internally there's a misconfigured mapping for TLS certs on domains that railway is giving fastly?

also appreciate the clarity here

small feedback: surfacing this in the network pane would help teams running custom edge routing

i'll also +1 an opt-in track for early cdn / edge changes before broad rollout to help prevent fire drills

thanks for jumping on this

For everyone in this thread, checkout this other (main) thread on the topic:

https://station.railway.com/questions/certificate-error-4ce531e5

TL;DR; - post your impacted domains and they'll fast track a fix (a fix is being rolled out to all)

Already fixed for all affected users.

We started to roll out Fastly as a CDN in front of all domains, but found some misconfigured domains, so we have been running a script to fix them on the fly.