a month ago
Hello Railway Support Team and Community,
I am trying to set up a wildcard domain (*.<yourdomain>.com) for my Railway project, but despite following all the steps and applying the recommended solutions, I am consistently receiving an Error 525: SSL handshake failed from Cloudflare. I need assistance with this issue.
Summary:
When I try to access any subdomain of my application (e.g., test.<yourdomain>.com), Cloudflare cannot complete the SSL handshake with the origin server (Railway).
Troubleshooting Steps Taken & Current Configuration:
I have already performed the following steps to resolve the issue, but the problem persists:
Set Cloudflare SSL/TLS Mode: I first tried setting the SSL/TLS encryption mode to "Full". When the issue continued, I switched to the most secure and recommended setting, "Full (Strict)". The error occurs in both modes.
Verified DNS Configuration: I have confirmed that in my Cloudflare DNS panel, the CNAME record for * is set to "Proxied" (Orange Cloud) to ensure traffic goes through Cloudflare.
Re-provisioned Railway Certificate: Suspecting an issue with certificate generation on Railway's side, I removed the wildcard domain from my project's "Settings > Networking" section. After waiting a few minutes, I re-added it to re-trigger the SSL certificate provisioning process.
Waited for Propagation: I have waited for over an hour for all changes (both DNS and SSL) to propagate, and I have cleared my browser cache multiple times.
Result: Despite all the steps above, I still receive the 525 error when accessing any subdomain. This leads me to believe the issue is not with my local configuration but rather with the Railway origin server failing to correctly respond to Cloudflare's SSL request.
My Request for Help:
Could you please check if there is an issue on the origin server with provisioning the wildcard SSL certificate or presenting it to Cloudflare?
Are there any clues in my project's server logs that would indicate why the SSL handshake is failing?
Is there any other step I can take or a different setting I should check on my end to resolve this?
I am attaching screenshots of my relevant configuration panels from Railway and Cloudflare to this post.
Thank you very much for your help.
9 Replies
a month ago
Still reading up but the second screenshot showing SSL mode reminded me of an issue I had. To tickle my fancy, can you change it from full -> full (strict) just to see. Give it 30-45 seconds after and clear cache on CF's side to see.
a month ago
And if that doesn't work, I wonder if Railway issues certs for wildcard domains. If not, you would want to try flexible mode on SSL/TLS.
a month ago
We do.
a month ago
Okay good to know!
In that case, check out full -> full (strict) as that solved a similar problem on my end a while back.
a month ago
We do not support Full (Strict) as it interferes with how we issue certs in some cases.
a month ago
Oh interesting...
a month ago
The certification issuing has failed, Cloudflare has a stale TXT record set that is preventing us from issuing the wildcard certificate successfully.
Unfortunately, we see this a fair bit with Cloudflare and the only option would be to reach out to Cloudflare's support and ask them to clear the stale TXT record.
a month ago
Thank you
Status changed to Solved chandrika • about 1 month ago