Fastly routing-errors
kokholm
PROOP

5 months ago

All our sites gives this error:

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.

Solved

17 Replies

junkzen
HOBBY

5 months ago

Also seeing this on our railway site


baoa111
HOBBY

5 months ago

Me too

Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [766821fba06a18fd70cf5cd51bcdf1cea3997473edbf7d8d245190f7a09cbb76] in use with this connection. Visit https://www.fastly.com/documentation/guides/concepts/errors/#routing-errors for more information.


kokholm
PROOP

5 months ago

https://skivefolkeblad.dk/

We use cloudflare with proxy.

So looks like its releated to https://status.railway.com/cmlufoznv0c93wndfhvrp6k24

Even though it is not "up domains"


5 months ago

Ack, looking into it right now.


Status changed to Awaiting User Response Railway 5 months ago


rjbathgate
PRO

5 months ago

Yup we are experiencing the same.

We are seeing it only on our domain that goes through a CloudFlare tunnel.

All other domains seem to be ok (they still use Cloudflare proxy but not tunnel)


Status changed to Awaiting Railway Response Railway 5 months ago


junkzen
HOBBY

5 months ago

We're using cloudflare but not tunnels, and we're still seeing this error with all requests


kokholm
PROOP

5 months ago

Not sure about tunnels.

Dont think we use that either.

A few of our public services still works (which to me have the same proxied cloudflare setup).

Etc. https://hf.mhm-login.dk/

I have made a temp redirect in cloudflare to most important sites.

But kept some of them non directed if that is needed for any testing.

https://ditfjends.dk/


5 months ago

Yep, seems like a Fastly <> CF issue


5 months ago

Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue.


12unicorns
PRO

5 months ago

Do we have an ETR on this?

stacks.africa and africaawesome.com are our primary domains.

We're losing money here.


brody

Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue.

rjbathgate
PRO

5 months ago

Does this mean it's a Railway issue or a Fastly/CF issue?


twny
PRO

5 months ago

we're experiencing this issue as well is there anything we need to be doing?


rjbathgate

Does this mean it's a Railway issue or a Fastly/CF issue?

twny
PRO

5 months ago

wondering this as well

>Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue.

Brody can you provide more details here?

it sounds like what you're saying is that internally there's a misconfigured mapping for TLS certs on domains that railway is giving fastly?


twny
PRO

5 months ago

also appreciate the clarity here

small feedback: surfacing this in the network pane would help teams running custom edge routing

i'll also +1 an opt-in track for early cdn / edge changes before broad rollout to help prevent fire drills

thanks for jumping on this


rjbathgate
PRO

5 months ago

For everyone in this thread, checkout this other (main) thread on the topic:

https://station.railway.com/questions/certificate-error-4ce531e5

TL;DR; - post your impacted domains and they'll fast track a fix (a fix is being rolled out to all)


rjbathgate

For everyone in this thread, checkout this other (main) thread on the topic: <https://station.railway.com/questions/certificate-error-4ce531e5> TL;DR; - post your impacted domains and they'll fast track a fix (a fix is being rolled out to all)

5 months ago

Already fixed for all affected users.


twny

wondering this as well \>Note for everyone on the thread, we put all domains behind a CDN to give DDoS protection by default, hence the issue. Brody can you provide more details here? it sounds like what you're saying is that internally there's a misconfigured mapping for TLS certs on domains that railway is giving fastly?

5 months ago

We started to roll out Fastly as a CDN in front of all domains, but found some misconfigured domains, so we have been running a script to fix them on the fly.


Status changed to Awaiting User Response brody 5 months ago


Railway
BOT

4 months ago

This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!

Status changed to Solved Railway 4 months ago


Welcome!

Sign in to your Railway account to join the conversation.

Loading...