SSL certificate not provisioning for custom domain on Hobby plan
eldadlh
HOBBYOP

14 days ago

Hi Railway team,

I'm on the Hobby plan. Project: pacific-sparkle. Service: Valu8.

I've added a custom domain, www.valu8.co.uk, to my service.

The DNS is correct and verified:

• CNAME www.valu8.co.uk → vxoznjsq.up.railway.app

• Railway's dashboard shows the domain status as VALID

• DNS is fully propagated (confirmed via Google DNS 8.8.8.8)

• No CAA records are blocking issuance

The problem: Railway is not issuing a Let's Encrypt SSL certificate

for www.valu8.co.uk. Requests keep being served the default

*.up.railway.app wildcard certificate and return a 404 / privacy

error in the browser.

A second custom domain on the SAME service, valu8.buckswell.co.uk,

has a valid certificate and works perfectly, so the mechanism clearly

works in general.

When adding the domain, the dashboard showed:

"You have hit the custom domain limit for your plan. Please upgrade

to add more."

Questions:

  1. Is the Hobby-plan custom-domain limit preventing the SSL

    certificate from being issued for www.valu8.co.uk?

  2. If so, what do I need to do, upgrade the plan, or remove an

    existing custom domain first?

  3. Can you manually trigger / force certificate provisioning for

    www.valu8.co.uk?

Thank you

Solved$10 Bounty

Pinned Solution

uxuz
MODERATOR

14 days ago

Hey, you are missing the _railway-verifyTXT record.

2 Replies

Status changed to Open Railway 14 days ago

uxuz
MODERATOR

14 days ago

Hey, you are missing the _railway-verifyTXT record.

dev-charles254
PRO

14 days ago

Hi Eldad,

The issue is that you have hit Railway’s Hobby plan limit of 2 custom domains per service. Because of this limit, the backend cannot provision the Let's Encrypt SSL certificate for www.valu8.co.uk, which is why it falls back to the wildcard certificate and throws a privacy/404 error.

How to fix it:

  1. Upgrade your plan or remove an unused custom domain from that service to free up space.
  2. Double-check that you have added the required _railway-verify TXT record alongside your CNAME record in your DNS settings.
  3. Once the limit is cleared and DNS is verified, trigger a manual redeploy of your Valu8 service to force Railway to request the SSL certificate.

If it still doesn't update, quickly delete and re-add the domain in the Railway dashboard to reset the certificate queue!

Status changed to Solved 0x5b62656e5d 14 days ago

Welcome!

Sign in to your Railway account to join the conversation.

Login
Loading...