a month ago
Hello Railway Support,
I am experiencing an SSL provisioning issue for my custom subdomain:
Domain: dash.linkllo.com
DNS configuration:
CNAME:
dash -> pz5kzx46.up.railway.app
TXT:
_railway-verify.dash -> railway-verification token
The domain verification succeeds, but the SSL certificate is never issued.
Troubleshooting already performed:
Removed and re-added the domain multiple times
Verified CNAME and TXT records
Waited for DNS propagation
Tested in Incognito mode
Connected through Cloudflare
Confirmed DNS records are resolving correctly
Could you please check the certificate provisioning logs for this domain and verify whether the SSL issuance process is stuck on Railway's side?
Project:
linkllo.com
Affected domain:
dash.linkllo.com
Thank you.
Attachments
7 Replies
a month ago
This thread has been opened as a bounty so the community can help solve it.
Status changed to Open Railway • 28 days ago
a month ago
I can access your domain just fine. It might be just a caching issue. I suggest you access it from an incognito tab, or use a different network.
a month ago
it's not a caching issue. the error is NET::ERR_CERT_COMMON_NAME_INVALID which means the ssl cert was never issued for dash.linkllo.com, railway just never provisioned it.
the dns and TXT verification look correct from your screenshots. this is railway's cert provisioning being stuck on their side. you need to contact railway support directly and ask them to manually trigger cert issuance for dash.linkllo.com — removing and re-adding the domain won't fix it if the ACME order is wedged
a month ago
Thank you for the response.
I have already tested the domain using:
- Incognito mode
- Multiple browsers
- Different internet connections
- VPN from different locations
The issue persists and the domain is still inaccessible due to SSL validation errors.
Also, in Railway's custom domain configuration, the CNAME record for dash.linkllo.com is showing a warning icon (⚠️) next to it, while the TXT verification record shows as verified.
Could someone from the Railway team please clarify what this warning icon indicates?
Domain: dash.linkllo.com
The DNS records currently configured are:
CNAME:
dash → pz5kzx46.up.railway.app
TXT:
_railway-verify.dash → railway-verification token
Could you please check whether:
- The ACME/Let's Encrypt certificate order is stuck.
- SSL certificate provisioning failed internally.
- The warning icon on the CNAME record indicates a validation issue on Railway's side.
If necessary, could the SSL issuance process be manually re-triggered?
Thank you.
Attachments
vthapan29-cloud
Thank you for the response. I have already tested the domain using: * Incognito mode * Multiple browsers * Different internet connections * VPN from different locations The issue persists and the domain is still inaccessible due to SSL validation errors. Also, in Railway's custom domain configuration, the CNAME record for `dash.linkllo.com` is showing a warning icon (⚠️) next to it, while the TXT verification record shows as verified. Could someone from the Railway team please clarify what this warning icon indicates? Domain: dash.linkllo.com The DNS records currently configured are: CNAME: dash → pz5kzx46.up.railway.app TXT: _railway-verify.dash → railway-verification token Could you please check whether: 1. The ACME/Let's Encrypt certificate order is stuck. 2. SSL certificate provisioning failed internally. 3. The warning icon on the CNAME record indicates a validation issue on Railway's side. If necessary, could the SSL issuance process be manually re-triggered? Thank you. 
a month ago
the warning icon on the CNAME confirms it — railway hasn't validated that domain yet on their side. your dns is fine, this is 100% a stuck ACME order on railway's backend. only railway support can fix this, no amount of removing/re-adding will clear it. when you contact them give them the domain id from your project settings so they can look it up directly
a month ago
Resolved. The issue was on Cloudflare's side — SSL mode was set to Flexible instead of Full. After changing it to Full (Strict), the certificate provisioned successfully.
a month ago
This bounty was added by mistake — this is my own support thread. Please ignore the bounty. I will contact Railway support directly with the Domain ID to resolve the stuck ACME order.
a month ago
Please delete my bounty post — it was added by mistake. Thread: https://station.railway.com/questions/ssl-certificate-not-provisioning-for-cus-fd48c030