a month ago
I see this has been reported before and I am now seeing it for my app. I have had several hours of outage today and it is not resolving itself. The app has been running fine on this subdomain for months and today it started issuing a new certificate and is stuck.
I have tried deleting the custom domain and re-creating it as I saw suggested in another thread.
Please advise!
11 Replies
a month ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
Railway
Hey there! We've found the following might help you get unblocked faster: - [🧵 Railway is stuck on "Issuing TLS Certificate" for my wildcard](https://station.railway.com/questions/railway-is-stuck-on-issuing-tls-certifi-c2d7c7ad) - [🧵 Issuing TLS Certificate – Stuck](https://station.railway.com/questions/issuing-tls-certificate-stuck-0c6be8d7) - [🧵 Stuck Issuing TLS Certificate](https://station.railway.com/questions/stuck-issuing-tls-certificate-a5e08a56) If you find the answer from one of these, please let us know by solving the thread!
a month ago
If anything this is evidence there is a problem to fix. I don't have a unique issue here
noahd
Hey there! Are you currently using CF for your DNS?
a month ago
No, I use Porkbun as my DNS and I use the default Railway settings for TLS provisioning
lsparlin
No, I use Porkbun as my DNS and I use the default Railway settings for TLS provisioning
a month ago
Good to know. Can I get a screenshot of your porkbun setup? Would love to see how its configured!
noahd
Good to know. Can I get a screenshot of your porkbun setup? Would love to see how its configured!
a month ago
Yes here it is, is this going to get you closer to fix the several hour app downtime caused by the TLS issue?
Attachments
lsparlin
Yes here it is, is this going to get you closer to fix the several hour app downtime caused by the TLS issue?
a month ago
Understand the frustration but I'm trying to gather any information that I'm able to on this.
Unsure if it will be an extremely simple fix but I'll see what I find
a month ago
If you're able to get a screenshot of the custom domain section too that would be very useful.
noahd
If you're able to get a screenshot of the custom domain section too that would be very useful.
a month ago
Got it.
Attachments
a month ago
Any updates?
lsparlin
Any updates?
a month ago
Hi there,
I checked the wildcard record, and it appears that the DNS has not propagated as expected for your wildcard domain. For instance, since you have set up *.chaosroots.com as a CNAME record, querying a random subdomain like test.chaosroots.com should reveal the specific CNAME record.
➜ ~ dig test.chaosroots.com
; <<>> DiG 9.10.6 <<>> test.chaosroots.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50672
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.chaosroots.com. IN A
;; AUTHORITY SECTION:
chaosroots.com. 1127 IN SOA curitiba.ns.porkbun.com. dns.cloudflare.com. 2384668526 10000 2400 604800 1800
;; Query time: 3 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 01 11:57:19 IST 2025
;; MSG SIZE rcvd: 119
Could you please try removing the current CNAME record and re-setting it on the Porkbun dashboard? Ideally, the DNS record should point to the Railway server so we can generate the TLS certificate for you.
If the issue persists, I recommend reaching out to Porkbun support to ask about any possible delays in DNS propagation.
I look forward to hearing back from you.
