It may take up to a few hours (maybe even a day, but rarely) for Railway to validate the DNS and issue a certificate. If it doesn't happen by then, try removing the domain from Railway and add it back after ~10-15 mins. Update DNS records as necessary.

Thanks for the response, but I think the standard “wait and retry” answer doesn’t fit my case. To clarify the timeline:

•	I added an initial custom domain over a day ago, never received a certificate

•	Yesterday I switched to api.staging.sitecare.ro, close to 24 hours ago, and still no certificate

•	I’ve removed and re-added it multiple times with 10-15 min waits

•	I also tried Railway’s auto-generated *.up.railway.app domain to test, and that didn’t get a working certificate either

The fact that even the Railway-generated domain didn’t work suggests this isn’t a DNS validation issue on my end. From the outside it looks like cert provisioning is broken for my account specifically.

For reference, my diagnostics confirm DNS is correct and there are no CAA records blocking issuance:

$ dig api.staging.sitecare.ro +short

k01utd6j.up.railway.app.

66.33.22.84

$ dig CAA sitecare.ro +short

(empty, no CAA records)

Could someone check the ACME provisioning state on the backend for either domain? I’d rather not wait another day to confirm the generic suggestion doesn’t work in my case.

Found it. The issue was an incorrect NODE_ENV value in the staging environment, which was preventing the service from starting properly. Once I fixed that, the deployment came up healthy and the certificate was issued shortly after.

Thanks for helping me get on the right track by asking about deployment health. You can resolve this thread.