13 days ago
Hi,
My www subdomain is working correctly:
www.quantumcryptohq.net → frontend service → Port 3000
However the root domain is failing to issue a TLS certificate:
quantumcryptohq.net → Port 3000 → "Failed to issue TLS certificate — An internal error occurred"
I've tried clicking "Try Again" multiple times over several days with no success.
The DNS A record for quantumcryptohq.net points to 66.33.22.226 (resolved from 0er7anpg.up.railway.app).
The TXT verification record _railway-verify is also added and verified.
Project: practical-nature
Service: frontend
Plan: Hobby
Please advise or fix on your end.
Thank you
Pinned Solution
13 days ago
Hey , your problem is that you're using an a record for the root domain , i can see you mentioned it yourself "the dns a record for quantumcryptohq.net points to 66.33.22.226" railway only supports cname or alias/aname records for cert issuance, a records won't work, that's why www is fine but the root keeps failing so to fix this delete that a record, then replace it with an alias or aname record pointing to 0er7anpg.up.railway.app if your dns provider supports it if not move your dns to cloudflare free plan and add a cname for @ pointing to 0er7anpg.up.railway.app, cloudflare handles apex cnames automatically
once dns propagates, remove the root domain from railway dashboard wait a few minutes re-add it and the cert should issue fine
2 Replies
Status changed to Open Railway • 13 days ago
13 days ago
Hey , your problem is that you're using an a record for the root domain , i can see you mentioned it yourself "the dns a record for quantumcryptohq.net points to 66.33.22.226" railway only supports cname or alias/aname records for cert issuance, a records won't work, that's why www is fine but the root keeps failing so to fix this delete that a record, then replace it with an alias or aname record pointing to 0er7anpg.up.railway.app if your dns provider supports it if not move your dns to cloudflare free plan and add a cname for @ pointing to 0er7anpg.up.railway.app, cloudflare handles apex cnames automatically
once dns propagates, remove the root domain from railway dashboard wait a few minutes re-add it and the cert should issue fine
Status changed to Awaiting User Response Railway • 13 days ago
andrewkat52
Hey , your problem is that you're using an a record for the root domain , i can see you mentioned it yourself "the dns a record for [quantumcryptohq.net](http://quantumcryptohq.net) points to 66.33.22.226" railway only supports cname or alias/aname records for cert issuance, a records won't work, that's why www is fine but the root keeps failing so to fix this delete that a record, then replace it with an alias or aname record pointing to [0er7anpg.up.railway.app](http://0er7anpg.up.railway.app) if your dns provider supports it if not move your dns to cloudflare free plan and add a cname for @ pointing to [0er7anpg.up.railway.app](http://0er7anpg.up.railway.app), cloudflare handles apex cnames automatically once dns propagates, remove the root domain from railway dashboard wait a few minutes re-add it and the cert should issue fine
13 days ago
Thanks! Moved DNS to Cloudflare, added the CNAME for @ and used Railway's one-click DNS setup. Root domain is now live with TLS. Appreciate the help.
Status changed to Awaiting Railway Response Railway • 13 days ago
Status changed to Solved 0x5b62656e5d • 13 days ago