2 months ago
Hey team — Hoping to get some help with a custom domain SSL issue.
I have a Flask app deployed on Railway (service: breakdown-engine-production). I added a custom domain app.getthebreakdown.com and set up the CNAME record pointing to my Railway-provided domain. The CNAME is resolving correctly, but SSL hasn't provisioned yet.
It's been a couple days since I configured it. The domain works over HTTP but HTTPS gives a certificate error. Is there anything on my end I might be missing, or does SSL provisioning sometimes take longer for certain configurations?
Project ID: 6f152e17-4433-4ec3-817c-af4b84cc64c6
Domain: app.getthebreakdown.com
Service: breakdown-engine-production
Appreciate any #✋|help
31 Replies
2 months ago
Hey, I don't see the TXT record on your domain, i can only see the CNAME record on nslookup.
2 months ago
You can try removing and re-adding the domain.
Hey, thanks for responding. I created a ticket but no response yet.
I actually already tried that 2 days ago and didn’t want to keep retriggering. I know I added it properly to BlueHost though
Hey, thanks for responding. I created a ticket but no response yet.
I actually already tried that 2 days ago and didn’t want to keep retriggering. I know I added it properly to BlueHost though
I just ran nslookup -type=TXT _railway.app.getthebreakdown.com and it resolves correctly with the full verification string: railway-verify=5fcc49d1bf92a144f66b350773c13de696eca72edee0e117af3614aaa973c059. The CNAME for app.getthebreakdown.com also resolves to 44yc0lty.up.railway.app. Both records have been live for 2+ days. Can you re-check on your end or manually trigger the SSL certificate?"
2 months ago
I just ran nslookup -type=TXT _railway.app.getthebreakdown.com and it resolves correctly with the full verification string: railway-verify=5fcc49d1bf92a144f66b350773c13de696eca72edee0e117af3614aaa973c059. The CNAME for app.getthebreakdown.com also resolves to 44yc0lty.up.railway.app. Both records have been live for 2+ days. Can you re-check on your end or manually trigger the SSL certificate?"
kausland23
I just ran `nslookup -type=TXT _railway.app.getthebreakdown.com` and it resolves correctly with the full verification string: `railway-verify=5fcc49d1bf92a144f66b350773c13de696eca72edee0e117af3614aaa973c059`. The CNAME for `app.getthebreakdown.com` also resolves to `44yc0lty.up.railway.app`. Both records have been live for 2+ days. Can you re-check on your end or manually trigger the SSL certificate?"
2 months ago
I can also see the record now, I will escalate this to the team!
Status changed to Awaiting Railway Response Railway • about 2 months ago
medim
I can also see the record now, I will escalate this to the team!
2 months ago
Awesome, thank you!
2 months ago
Please link a service.
Status changed to Awaiting User Response brody • about 2 months ago
2 months ago
Thanks for the reply. The custom domain app.getthebreakdown.com is already linked to my service under Service → Settings → Networking. The CNAME and TXT records are both verified and resolving correctly (confirmed via dig), but the status has been stuck on "Waiting for DNS update" for about 3 days now. Is it possible this is a Let's Encrypt rate limit issue? I deleted and re-added the domain a once early on trying to troubleshoot (this was 2-3 days ago). Is there anything you can trigger on your end to force the certificate issuance?
Status changed to Awaiting Railway Response Railway • about 2 months ago
2 months ago
@K_Aus23 can you link the service here on Discord? Just click the "Link Service" button.
Status changed to Awaiting User Response brody • about 2 months ago
Sorry, not seeing where it says to Link Service. Where can I locate the button?
2 months ago
The first message on this thread
2 months ago
This one
Oh, there we go. Linked now. Thank you. That will allow you guys to see what needs done then?
2 months ago
Yep! let's wait for a response from the team.
2 months ago
The validation workflow is waiting for the TXT record.
2 months ago
Try re-adding your TXT record and make sure it matches whichever domain record you added.
2 months ago
I don't see the TXT record on your root domain, only in the subdomain.
2 months ago
My suspicion is that you're adding the TXT record to the _railway.app.getthebreakdown.com subdomain and not the app.getthebreakdown.com
So, this should just say app?
Attachments
2 months ago
Use the TXT name the dashboard gives you please.
This is what they gave me:
_railway-verify.app
I think I see the mistake. So, it should be that instead of _railway.app right?
I will say though, I've confirmed it's resolving correctly via dig:
dig _railway.app.getthebreakdown.com TXT returns railway-verify=5fcc49d1bf92a144f66b350773c13de696eca72edee0e117af3614aaa973c059
Does that not matter?
2 months ago
It does not matter, since it is incorrect, the correct value must be used.
Status changed to Solved medim • about 2 months ago