5 months ago
Hello Railway Support Team,
I am experiencing an issue with TLS certificate issuance on my project.
Project domain:
afel.co.ukWildcard domain:
*.afel.co.ukStatus: Stuck at “Metal Edge · Issuing TLS certificate” for more than 24 hours.
DNS provider: Cloudflare (nameservers:
adrian.ns.cloudflare.com,seth.ns.cloudflare.com)DNS setup:
afel.co.uk→89utt8pw.up.railway.app(CNAME, DNS only)*.afel.co.uk→rwq2idny.up.railway.app(CNAME, DNS only)_acme-challenge.afel.co.uk→rwq2idny.authorize.railwaydns.net(CNAME, DNS only)
I have already:
Verified that all CNAMEs are DNS-only (not proxied).
Ensured Cloudflare SSL mode is set to Full.
Waited over 24 hours for propagation.
Confirmed that the
_acme-challengerecord is present in Cloudflare.
Despite this, the TLS certificate for the wildcard domain is not being issued. Could you please check if the Let’s Encrypt order for this domain is stuck on your side, and if so, reset or re-issue it?
Thank you for your assistance.
Best regards,
Syed Ali Omair
15 Replies
5 months ago
Hey there! We've found the following might help you get unblocked faster:
🧵 Railway is stuck on "Issuing TLS Certificate" for my wildcard
🧵 Wildcard SSL Certificate Issue - 525 SSL Handshake Failed for Subdomains
If you find the answer from one of these, please let us know by solving the thread!
5 months ago
Are you able to re-try adding this?
Remove the _acme-challenge record from Cloudflare
Remove the * CNAME from Cloudflare
Delete the wildcard domain from Railway
Run through setup again
Status changed to Awaiting User Response Railway • 5 months ago
5 months ago
Yes I did that 3 times already but still not working
Status changed to Awaiting Railway Response Railway • 5 months ago
5 months ago
Do you have any TXT records for _acme-challenge? If not, you may need to reach out to Cloudflare to get them to flush the DNS records.
Status changed to Awaiting User Response Railway • 5 months ago
5 months ago
Status changed to Awaiting Railway Response Railway • 5 months ago
5 months ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open itsrems • 5 months ago
5 months ago
Hey there! This might sound stupid but have you tried removing the domain from Railway and then readding it? The wildcard subdomain that is.
5 months ago
yes i tried it and its not working I tried 3 or 4 times and its been more then 72 hours now
5 months ago
5 months ago
Did you get this resolved? having the same issue here.
5 months ago
no moving to AWS its working fine there
5 months ago
I wasted days fixing this, so I suggest you don’t waste your time either and move to AWS.
saomair
I wasted days fixing this, so I suggest you don’t waste your time either and move to AWS.
5 months ago
I moved to DigitalOcean App Platform and it worked in minutes. Thank you for saving me days of hard time.
5 months ago
I opened a ticket and just read this thread. In my case I only left the acme field set to DNS only and the other ones to proxied.
However it seems that not certificates were issued.