Having trouble with SSL for a wildcard
jonnygoodwin
HOBBYOP

2 months ago

Need help with SSL for my domain. *.uniadshare.com is not being provisioned with SSL.

Here's what your support AI says:

At this point, you need to contact Railway support directly. This is beyond standard troubleshooting because:

  1. DNS records are correctly configured and live
  2. Domains are added to the service
  3. Multiple deployments have been attempted
  4. No validation errors are appearing in logs

When you contact support, provide them:

  • Service name: uniadshare
  • Domains: uniadshare.com and *.uniadshare.com
  • DNS provider: GoDaddy
  • CNAME: _acme-challenge.uniadshare.com → paqaclsp.authorize.railwaydns.net
  • TXT: _railway-verify.uniadshare.com with the verification value
  • Timeline: Issue has persisted for days despite multiple deployments

They can check Railway's backend validation logs to see why the domain isn't being provisioned with SSL.

$10 Bounty

2 Replies

Status changed to Awaiting Railway Response Railway about 2 months ago


Status changed to Open Railway about 2 months ago


domehane
FREE

2 months ago

Hello jonnygoodwin, two things from railway's official docs that are likely causing your issue,

first, wildcard domains need two cname records. you mentioned the _acme-challenge cname but never mentioned the second one which is a cname for *.uniadshare.com pointing to your railway endpoint like xxxxx.up.railway.app. do you have that one?

second, railway's docs explicitly list godaddy as a provider that does not support cname flattening for root domains, so uniadshare.com will never work directly on godaddy. their official workaround is to switch your nameservers to cloudflare (free tier) which handles this automatically

Hope this helps you :)


xianjm
FREE

2 months ago

The issue is likely a conflicting DNS record on GoDaddy. Here's what to check:

  1. Delete any TXT record at _acme-challenge.uniadshare.com — GoDaddy sometimes auto-creates one, and a CNAME can't coexist with a TXT at the same name, so the ACME challenge silently fails.
  2. Make sure the Host field in GoDaddy is just _acme-challenge (not the full _acme-challenge.uniadshare.com) — GoDaddy auto-appends the domain, so typing the full name creates a broken double-suffix record.
  3. After fixing DNS, remove and re-add *.uniadshare.com in Railway's domain settings, then redeploy — this forces Railway to retry the ACME DNS-01 challenge.

Verify with:

```bash
dig _acme-challenge.uniadshare.com CNAME +short  # should return Railway's target
dig _acme-challenge.uniadshare.com TXT +short     # should return nothing
```

If the CNAME resolves cleanly with no conflicting TXT, the wildcard cert should provision within minutes.
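The checks raised in the two replies above (the second wildcard CNAME, a TXT at the `_acme-challenge` name, a double-suffix Host entry) can be run in one pass over `dig +noall +answer` output. This is an added example, not code from the thread or from Railway; the function name `audit_wildcard_dns`, the domain `example.com` and both CNAME targets are assumptions, and the sample records are constructed.

```shell
#!/usr/bin/env bash
# Audit DNS answers for the wildcard prerequisites raised in this thread.
# stdin: records in `dig +noall +answer` layout (owner TTL class type value).
# Live input (assumes dig is installed), with d set to the domain:
#   { dig +noall +answer "_acme-challenge.$d" CNAME; dig +noall +answer "_acme-challenge.$d" TXT;
#     dig +noall +answer "_acme-challenge.$d.$d" CNAME; dig +noall +answer "*.$d" CNAME; } \
#     | audit_wildcard_dns "$d"
audit_wildcard_dns() {
  awk -v d="$1" '
    BEGIN { bad = 0; acme = "_acme-challenge." d "."; wild = "*." d "."
            dbl = "_acme-challenge." d "." d "." }
    { owner = tolower($1); type = toupper($4) }
    owner == acme && type == "CNAME" { acme_cname = $5 }
    # Compare owners exactly: a TXT that dig prints after following the CNAME
    # is owned by the target name and is not a conflict.
    owner == acme && type == "TXT"   { txt_clash = 1 }
    owner == dbl                     { doubled = 1 }
    owner == wild && type == "CNAME" { wild_cname = $5 }
    END {
      if (acme_cname != "") print "OK   _acme-challenge CNAME -> " acme_cname
      else { print "FAIL _acme-challenge CNAME missing"; bad = 1 }
      if (txt_clash) { print "FAIL TXT record present at the _acme-challenge name itself"; bad = 1 }
      if (doubled)   { print "FAIL double-suffix record " dbl " (Host field held the full name)"; bad = 1 }
      if (wild_cname != "") print "OK   wildcard CNAME -> " wild_cname
      else { print "FAIL wildcard CNAME for " wild " missing"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample answers (example.com and both targets are placeholders).
sample_broken() { cat <<'EOF'
_acme-challenge.example.com.example.com. 3600 IN CNAME placeholder.authorize.railwaydns.net.
_acme-challenge.example.com. 600 IN TXT "stale-token"
EOF
}
sample_good() { cat <<'EOF'
_acme-challenge.example.com. 3600 IN CNAME placeholder.authorize.railwaydns.net.
placeholder.authorize.railwaydns.net. 60 IN TXT "challenge-token"
*.example.com. 3600 IN CNAME xxxxx.up.railway.app.
EOF
}

sample_broken | audit_wildcard_dns example.com || true   # reports four FAIL lines
sample_good   | audit_wildcard_dns example.com           # reports two OK lines
```

Because `dig` follows the CNAME on a TXT query, a healthy setup can still print a TXT value; the audit only flags a TXT whose owner is the `_acme-challenge` name itself.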

