18 days ago
Hi Railway team,
I’m seeing TLS handshake failures on Railway-generated domains from New Zealand.
This domain fails:
https://motorex-api-development.up.railway.app/api/v1/health
Resolves to:
203.96.208.40
curl error:
LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to :443
Browser error:
net::ERR_CONNECTION_CLOSED
The request fails during TLS handshake before reaching the app.
A different Railway service behind a Cloudflare custom domain works fine:
https://api.motorexnz.com/api/v1/health
That response includes:
x-railway-edge: railway/asia-southeast1-eqsg3a
I also rolled back to a known-good commit and the issue still happens, so this does not seem app-code related.
Is there an issue with the generated *.up.railway.app edge route/certificate for my service?
3 Replies
18 days ago
The IP 203.96.208.40 that your domain is resolving to is not a Railway address, which means your local DNS resolver or ISP in New Zealand is returning an incorrect IP for the .up.railway.app domain. This explains the TLS handshake failure, since that IP does not serve a valid certificate for the domain. You can verify this by switching to a different DNS resolver (e.g., 1.1.1.1 or 8.8.8.8) or testing from a different network. We also have a Network Diagnostics tool you can download and run, then share the results here for further investigation.
Status changed to Awaiting User Response Railway • 18 days ago
18 days ago
Thank you for the quick response. I downloaded the network diagnostic tool and got these results:
Railway Network Diagnostics
Generated : Tuesday, May 5 2026 14:23:29 NZST
Endpoint : routing-info-production.up.railway.app
Client IP Info
{
"ip": "121.74.37.49",
"city": "Rolleston",
"region": "Canterbury",
"country": "NZ",
"loc": "-43.5833,172.3833",
"org": "AS9500 One New Zealand Group Limited",
"postal": "7614",
"timezone": "Pacific/Auckland",
"readme": "https://ipinfo.io/missingauth"
}
HTTP HEAD request
Error: making HTTP HEAD request: Head "https://routing-info-production.up.railway.app": EOF
DNS lookup (using system DNS)
; <<>> DiG 9.10.6 <<>> routing-info-production.up.railway.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13034
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;routing-info-production.up.railway.app. IN A
;; ANSWER SECTION:
routing-info-production.up.railway.app. 10 IN A 203.96.208.40
;; Query time: 5 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 05 14:23:30 NZST 2026
;; MSG SIZE rcvd: 83
DNS lookup (using Cloudflare)
; <<>> DiG 9.10.6 <<>> @1.1.1.1 routing-info-production.up.railway.app
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12387
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;routing-info-production.up.railway.app. IN A
;; ANSWER SECTION:
routing-info-production.up.railway.app. 44 IN A 66.33.22.232
;; Query time: 21 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 05 14:23:30 NZST 2026
;; MSG SIZE rcvd: 83
Traceroute
1 192.168.0.1 (192.168.0.1) 6.605 ms 3.244 ms
2 192.168.1.1 (192.168.1.1) 3.501 ms 3.262 ms
Status changed to Awaiting Railway Response Railway • 18 days ago
18 days ago
I just flushed my DNS cache and its working fine now. Thank you!
Status changed to Solved bruhdus • 18 days ago