SSL certificate stuck validating challenges for custom domain
blackvamp
PROOP

2 months ago

Hi Railway team,

My custom domain is stuck at:

"Certificate Authority is validating challenges"

Project: Feria Medieval - El Alamo

Environment: production

Service: web

Domain: www.feriamedievalelalamo.es

Port: 8080

DNS is propagated and correct:

www.feriamedievalelalamo.es CNAME 2lua1x8z.up.railway.app

_railway-verify.www.feriamedievalelalamo.es TXT railway-verify=121270d2646c7769f1338f75788d879b7359a06116741b9022e33bd8e619853e

I verified this against:

- dns1.barmetmedia.es

- dns2.barmetmedia.es

- 1.1.1.1

- 8.8.8.8

The site responds with HTTP/2 200 through Railway, but TLS still serves:

CN=*.up.railway.app

Could you please check/retry certificate issuance for www.feriamedievalelalamo.es?

Solved$20 Bounty

7 Replies

Status changed to Open Railway 2 months ago


blackvamp
PROOP

2 months ago

Update — 28 Apr 2026, 22:03 Madrid time

DNS is still correct and propagated:

www.feriamedievalelalamo.es CNAME 2lua1x8z.up.railway.app

_railway-verify.www.feriamedievalelalamo.es TXT railway-verify=121270d2646c7769f1338f75788d879b7359a06116741b9022e33bd8e619853e

Verified from:

dns1.barmetmedia.es

dns2.barmetmedia.es

1.1.1.1

8.8.8.8

The site responds through Railway:

HTTP/2 200

server: railway-edge

But TLS still serves the fallback certificate:

subject=CN=*.up.railway.app

issuer=Certainly Intermediate R1

SAN: DNS:*.up.railway.app

Expected certificate:

www.feriamedievalelalamo.es


I'd recommend removing the A record on your root domain.

Also, try removing your www domain from Railway, waiting for ~10-15 mins, then add it back.


blackvamp
PROOP

2 months ago

Failed to issue TLS certificate

Attachments


0x5b62656e5d

I'd recommend removing the A record on your root domain. Also, try removing your `www` domain from Railway, waiting for \~10-15 mins, then add it back.

blackvamp
PROOP

2 months ago

I did it as you mention. I delete the A record and create the www again with Railway new settings


You may have hit a LE certificate rate limit. Unfortunately, if this is the case, you'd need to wait until next week to get a certificate.


The team has identified the issue regarding TLS certificates and is working on it.

https://status.railway.com/incident/C4L89HAF


Fastly has resolved the issue. Try removing the custom domain from Railway and add it back.


Status changed to Solved 0x5b62656e5d about 2 months ago


Welcome!

Sign in to your Railway account to join the conversation.

Loading...