Subject: SSL Certificate Stuck Issuing for Root Domain (24+ hours)

petesker
PROOP

a month ago

I'm unable to get an SSL certificate issued for my root domain on Railway. The certificate has been stuck in "Issuing" status for over 24 hours.

Details:

  • Service: frontend (Service ID: can be found in Railway dashboard)

  • Domain: pickupteams.com

  • Issue: TLS certificate stuck in "Issuing" state

  • Duration: 18+ hours for current, after I retried it after being stuck for 6+ hours

  • Port: 8080

DNS Configuration (Verified Working):

pickupteams.com → CNAME44ivx0td.up.railway.app
_acme-challenge.pickupteams.com → CNAME → bf9hk1mj.authorize.railwaydns.net

DNS Verification:

dig _acme-challenge.pickupteams.com CNAME
Returns: bf9hk1mj.authorize.railwaydns.net (correct)

Troubleshooting Already Attempted:

  • Removed and re-added the domain (no change)

  • Verified DNS records are correct and propagated globally

  • Wildcard subdomain (*.pickupteams.com) SSL works perfectly

  • Only the root domain is affected

Note: The wildcard certificate for *.pickupteams.com was issued successfully, so the DNS and ACME challenge process works. Only the root domain certificate is stuck.

Could you please check if there's a rate limit issue or bug preventing the certificate from being issued?

Thank you!

$20 Bounty

4 Replies

Railway
BOT

a month ago

Hey there! We've found the following might help you get unblocked faster:

If you find the answer from one of these, please let us know by solving the thread!

dalinkstone
FREE

a month ago

To be clear, what DNS provider are you using?

The checklist to go through for your setup:

  1. Make sure your wildcard authorize.railwaydns.net is not proxied

  2. Are you using the * identifier for your root domain

  3. Is Universal SSL enabled?

  4. if Full encryption enabled?

All of this is much easier with cloudflare. If you are using cloudflare just make sure the orange cloud next to your wildcard is turned off as well.

In my case with my root domain, I use namecheap and they perform CNAME flattening for root domains through an ALIAS record instead of the CNAME record.

dalinkstone
FREE

a month ago

Another thing I thought of, was if you have multiple CNAME records that attempt to use the same host (two records with * or another CNAME record with @) could cause a conflict.

I did just use a DNS checker and I'm seeing that the root domain you provided (pickupteams.com) is not resolving anywhere.

For safe measure I'd also include a permanent 301 URL REDIRECT from the www host to your root domain (https://pickupteams.com).

dalinkstone

To be clear, what DNS provider are you using?The checklist to go through for your setup:Make sure your wildcard authorize.railwaydns.net is not proxiedAre you using the * identifier for your root domainIs Universal SSL enabled?if Full encryption enabled?All of this is much easier with cloudflare. If you are using cloudflare just make sure the orange cloud next to your wildcard is turned off as well.In my case with my root domain, I use namecheap and they perform CNAME flattening for root domains through an ALIAS record instead of the CNAME record.

brody
EMPLOYEE

a month ago

The user mentioned that their wildcard domain setup works fine.

Their user is having issues with their root domain.

Please do not recommend people to use ALIAS types, we cannot guarantee domains will work correctly long term with unsupported setup.

+11