a month ago
Can you please restore/reissue the previous www.coachjoelsway.com certificate key matching "b224060d...97393".
We are having a production outage and this would be the fastest remedy.
Thank you
Pinned Solution
a month ago
No, the previous keys cannot be reused. I'd recommend adapting your application to allow the rotation of such keys, as Railway (which relies on LE) will issue a new certificate periodically.
13 Replies
a month ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open Railway • 28 days ago
a month ago
I selected this thread to be private with Railway, why is this being open to the public as a bounty??
a month ago
Are you still having this issue? Because I can access your website just fine. Try to open it in an incognito tab or use a different device/network, as it might be just a local caching issue.
darseen
Are you still having this issue? Because I can access your website just fine. Try to open it in an incognito tab or use a different device/network, as it might be just a local caching issue.
a month ago
Yes, the backend supports the iOS App version 1.0.0 through 1.3.0, all of which rely on that cert without having to upgrade to the newest iOS app version.
joelhill
Yes, the backend supports the iOS App version 1.0.0 through 1.3.0, all of which rely on that cert without having to upgrade to the newest iOS app version.
a month ago
You need to add a TXT record to _railway-verify.www.coachjoelsway.com. The certificate for your site will not be renewed unless that record is present.
0x5b62656e5d
You need to add a TXT record to `_railway-verify.www.coachjoelsway.com`. The certificate for your site will not be renewed unless that record is present.
a month ago
I've added the TXT record.
joelhill
I've added the TXT record.
a month ago
The content of the TXT record should be provided by Railway. It should not be your domain.
0x5b62656e5d
The content of the TXT record should be provided by Railway. It should not be your domain.
a month ago
I was not given anything by Railway. Can I find it somewhere?
a month ago
When you add the domain from your dashboard, Railway will display the required CNAME and TXT records for you to add.
If you're adding the domain using the API, you'll be able to get the content for the TXT record under the verificationToken property under status.
0x5b62656e5d
When you add the domain from your dashboard, Railway will display the required CNAME and TXT records for you to add. If you're adding the domain using the API, you'll be able to get the content for the TXT record under the `verificationToken` property under `status`.
a month ago
Got it, thanks. Here is what I need. Can you restore or reissue the TLS certificate for www.coachjoelsway.com using the previous public/private key that was active before the May 14, 2026 Let’s Encrypt renewal? Older shipped iOS clients pin that public key and currently fail TLS before reaching our backend.
a month ago
Don't think that's possible. You'll need to update the TXT record to be the correct value for Railway to issue a certificate. This is to prevent domain hijacking.
0x5b62656e5d
Don't think that's possible. You'll need to update the TXT record to be the correct value for Railway to issue a certificate. This is to prevent domain hijacking.
a month ago
Thanks. To clarify, the domain is already validated and Railway has already issued a valid Let’s Encrypt certificate for www.coachjoelsway.com.
The problem is not certificate issuance or domain validation. The problem is that older shipped iOS clients pin the previous public key. After Railway renewed the cert on May 14, the public key changed, so those clients reject TLS before reaching our backend.
Can Railway either:
- restore/reuse the previous private key/public key for www.coachjoelsway.com, or
- confirm that this is not possible on Railway-managed TLS?
If the answer is no, we understand that old pinned clients cannot be recovered through Railway DNS/TXT changes alone.
a month ago
No, the previous keys cannot be reused. I'd recommend adapting your application to allow the rotation of such keys, as Railway (which relies on LE) will issue a new certificate periodically.
Status changed to Solved 0x5b62656e5d • 25 days ago
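Added example, not part of the thread and not Railway's or the app's code: a check that extracts the public key (SubjectPublicKeyInfo) from a DER certificate and reports which shipped pin sets stop matching after a renewal, which is the failure described above. The pin format (hex SHA-256 of the SPKI), the version labels and the sample certificates are assumptions constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)          # Certificate
    _, pos, tbs_end = read_tlv(cert_der, pos)  # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                            # optional [0] version
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Assumed pin format: hex SHA-256 of the SubjectPublicKeyInfo."""
    return hashlib.sha256(extract_spki(cert_der)).hexdigest()

def broken_clients(served_cert, shipped_pins):
    """App versions whose pin set does not contain the served key's pin."""
    pin = spki_pin(served_cert)
    return sorted(v for v, pins in shipped_pins.items() if pin not in pins)

def tlv(tag, value):  # DER encoder for the constructed samples (lengths < 128 only)
    return bytes([tag, len(value)]) + value

def sample_cert(key, serial):
    """Constructed skeleton with X.509 field order; not a real certificate."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

OLD = sample_cert(b"old-key", 1)        # certificate the old clients pinned
SAME_KEY = sample_cert(b"old-key", 2)   # renewal that kept the key pair
NEW_KEY = sample_cert(b"new-key", 3)    # renewal with a fresh key pair
SHIPPED = {"old-app": {spki_pin(OLD)}, "new-app": {spki_pin(OLD), spki_pin(NEW_KEY)}}
```

Running `broken_clients` against the certificate a staging or production endpoint serves, with the pin sets of every app version still in use, shows before users do whether a renewal changed the key.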
