SSL Certificate Issue / HSTS Block on ceftx.dev
ceftx
HOBBYOP

3 months ago

Hello,

I am reporting a critical connection issue with my service pointing to ceftx.dev.

Issue Description: The website is currently inaccessible due to a security certificate problem. Browsers (specifically Firefox) are showing a "Potential Security Issue" warning. Since the domain has HSTS (HTTP Strict Transport Security) enabled, users are blocked from adding an exception to visit the site.

Error Details:

  • Domain:ceftx.dev
  • Error Message: "Did Not Connect: Potential Security Issue"
  • Specifics: The certificate appears to be expired or misconfigured.

Impact: No traffic can reach the site because the HSTS policy prevents any non-secure connection.

I have attached a screenshot of the browser error for your reference. Could you please check the SSL certificate status and the deployment logs for this domain?

Best regards.

$10 Bounty

1 Replies

Status changed to Awaiting Railway Response Railway 3 months ago

devextremecoders
HOBBY

3 months ago

Hello Ceftx,

Following up on the SSL/HSTS connection error on ceftx.dev, I am considering enabling Cloudflare’s Proxy (Orange Cloud) to manage the traffic and certificates for the root domain.

However, I have a few concerns regarding my current architecture:

Multi-tenancy: My application handles multiple customer stores via subdomains. If I enable the Cloudflare Proxy for the root domain (ceftx.dev), will it interfere with the SSL issuance or the routing of my subdomains (e.g., shop1.ceftx.dev) that are currently managed by Railway?

SSL Configuration: Which SSL mode do you recommend on Cloudflare to maintain compatibility with Railway’s automated certificates? I am planning to use "Full (Strict)" to ensure end-to-end encryption.

HSTS: Since the domain is currently blocked by HSTS due to the expired/invalid certificate, would routing through Cloudflare help bypass this block for the end-users immediately?

My goal is to fix the access issue on the main site without breaking the dynamic subdomain resolution for my clients.

Looking forward to your advice on the best configuration for this setup.

Best regards,

dev.ext.coder brother

Status changed to Open brody 3 months ago

Welcome!

Sign in to your Railway account to join the conversation.

Login
Loading...