Hi Railway team, My custom domain is stuck at: "Certificate Authority is validating challenges" Project: Feria Medieval - El Alamo Environment: production Service: web Domain: [www.feriamedievalelalamo.es](http://www.feriamedievalelalamo.es) Port: 8080 DNS is propagated and correct: [www.feriamedievalelalamo.es](http://www.feriamedievalelalamo.es) CNAME [2lua1x8z.up.railway.app](http://2lua1x8z.up.railway.app) \_[railway-verify.www.feriamedievalelalamo.es](http://railway-verify.www.feriamedievalelalamo.es) TXT railway-verify=121270d2646c7769f1338f75788d879b7359a06116741b9022e33bd8e619853e I verified this against: \- [dns1.barmetmedia.es](http://dns1.barmetmedia.es) \- [dns2.barmetmedia.es](http://dns2.barmetmedia.es) \- 1.1.1.1 \- 8.8.8.8 The site responds with HTTP/2 200 through Railway, but TLS still serves: CN=\*.[up.railway.app](http://up.railway.app) Could you please check/retry certificate issuance for [www.feriamedievalelalamo.es](http://www.feriamedievalelalamo.es)?

SSL certificate stuck validating challenges for custom domain

blackvamp

PROOP

a month ago

Hi Railway team,

My custom domain is stuck at:

"Certificate Authority is validating challenges"

Project: Feria Medieval - El Alamo

Environment: production

Service: web

Domain: www.feriamedievalelalamo.es

Port: 8080

DNS is propagated and correct:

www.feriamedievalelalamo.es CNAME 2lua1x8z.up.railway.app

_railway-verify.www.feriamedievalelalamo.es TXT railway-verify=121270d2646c7769f1338f75788d879b7359a06116741b9022e33bd8e619853e

I verified this against:

- dns1.barmetmedia.es

- dns2.barmetmedia.es

- 1.1.1.1

- 8.8.8.8

The site responds with HTTP/2 200 through Railway, but TLS still serves:

CN=*.up.railway.app

Could you please check/retry certificate issuance for www.feriamedievalelalamo.es?

Attachments

Captura%20d...

Solved$20 Bounty

7 Replies

Status changed to Open Railway • about 1 month ago

blackvamp

PROOP

a month ago

Update — 28 Apr 2026, 22:03 Madrid time

DNS is still correct and propagated:

www.feriamedievalelalamo.es CNAME 2lua1x8z.up.railway.app

_railway-verify.www.feriamedievalelalamo.es TXT railway-verify=121270d2646c7769f1338f75788d879b7359a06116741b9022e33bd8e619853e

Verified from:

dns1.barmetmedia.es

dns2.barmetmedia.es

1.1.1.1

8.8.8.8

The site responds through Railway:

HTTP/2 200

server: railway-edge

But TLS still serves the fallback certificate:

subject=CN=*.up.railway.app

issuer=Certainly Intermediate R1

SAN: DNS:*.up.railway.app

Expected certificate:

www.feriamedievalelalamo.es

0x5b62656e5d

MODERATOR

a month ago

I'd recommend removing the A record on your root domain.

Also, try removing your www domain from Railway, waiting for ~10-15 mins, then add it back.

blackvamp

PROOP

a month ago

Failed to issue TLS certificate

Attachments

Captura%20d...

0x5b62656e5d

I'd recommend removing the A record on your root domain. Also, try removing your `www` domain from Railway, waiting for \~10-15 mins, then add it back.

blackvamp

PROOP

a month ago

I did it as you mention. I delete the A record and create the www again with Railway new settings

Attachments

Captura%20d...

0x5b62656e5d

MODERATOR

a month ago

You may have hit a LE certificate rate limit. Unfortunately, if this is the case, you'd need to wait until next week to get a certificate.

0x5b62656e5d

MODERATOR

a month ago

The team has identified the issue regarding TLS certificates and is working on it.

https://status.railway.com/incident/C4L89HAF

0x5b62656e5d

MODERATOR

a month ago

Fastly has resolved the issue. Try removing the custom domain from Railway and add it back.

Status changed to Solved 0x5b62656e5d • 30 days ago

Welcome!