23 days ago
My wildcard subdomain can't be activated as custom domain
Failed to issue TLS certificate
Try Again
An internal error occurred. Please retry or contact support.
2 Replies
Status changed to Open Railway • 23 days ago
23 days ago
After validating the domain configuration, I don't believe this is a DNS or ACME misconfiguration.
Findings:
- Cloudflare nameservers are active.
- No CAA records are blocking Let's Encrypt.
- Railway-created "_acme-challenge.waqaf.uk" resolves correctly.
- Wildcard DNS resolves correctly ("test.waqaf.uk -> railway.app target").
- Railway Edge receives requests and returns HTTP redirects.
However HTTPS fails:
curl -Iv https://test.waqaf.uk
returns:
TLS alert, internal error
and
openssl s_client -connect test.waqaf.uk:443 -servername test.waqaf.uk
returns:
no peer certificate available
SSL alert number 80
This indicates Railway Edge is handling the hostname but is not serving any TLS certificate for the wildcard domain.
Based on the evidence, the failure appears to be in certificate issuance, attachment, or wildcard TLS provisioning on the Railway side rather than DNS configuration.
avnish-es
23 days ago
Applications using wildcard tenant routing cannot serve HTTPS traffic despite valid DNS and ACME configuration.
Reproduction Steps
- Create Railway service.
- Add wildcard custom domain (*.waqaf.uk).
- Configure Railway DNS records.
- Wait for DNS propagation.
- Retry certificate issuance.
Result:
TLS issuance fails and no certificate is served by railway-edge.
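The CAA and handshake checks from the findings in this thread, as an added example that is not part of the original posts or Railway's tooling: two shell helpers that read `dig +short CAA` and `openssl s_client` output on stdin. The function names, the sample records and the `ca.example` identifier are constructed for illustration; `letsencrypt.org` is the CAA identifier Let's Encrypt uses.

```shell
#!/bin/sh
# Added example (not from the thread). Helpers read tool output on stdin,
# so they can be exercised offline on the constructed samples below.

# caa_allows_wildcard CA: stdin is the relevant CAA RRset in `dig +short CAA`
# form (the nearest ancestor of the name that has CAA records). RFC 8659:
# no issue/issuewild property means any CA may issue; for a wildcard name,
# issuewild properties, when present, are used instead of issue properties.
caa_allows_wildcard() {
  awk -v ca="$1" '
    { tag = tolower($2); val = tolower($3)
      gsub(/"/, "", val); sub(/;.*/, "", val)   # drop quotes and parameters
      if (tag == "issuewild") { nwild++; if (val == ca) okwild = 1 }
      else if (tag == "issue") { nissue++; if (val == ca) okissue = 1 } }
    END { if (nwild)  exit(okwild  ? 0 : 1)
          if (nissue) exit(okissue ? 0 : 1)
          exit 0 }'
}

# classify_handshake: stdin is `openssl s_client -connect H:443 -servername H`
# output with stderr merged in (2>&1). Alert 80 is TLS internal_error.
classify_handshake() {
  out=$(cat)
  case $out in
    *"BEGIN CERTIFICATE"*) echo cert-served ;;
    *"no peer certificate available"*)
      case $out in
        *"alert number 80"*) echo no-cert-internal-error ;;
        *) echo no-cert ;;
      esac ;;
    *) echo unknown ;;
  esac
}

# Constructed samples (abridged, not captured output from the thread).
CAA_ONLY_OTHER_WILD='0 issue "letsencrypt.org"
0 issuewild "ca.example"'
HANDSHAKE_FAIL='CONNECTED(00000003)
SSL alert number 80
---
no peer certificate available'

printf '%s\n' "$CAA_ONLY_OTHER_WILD" | caa_allows_wildcard letsencrypt.org \
  && echo "CAA: wildcard issuance allowed" || echo "CAA: wildcard issuance blocked"
printf '%s\n' "$HANDSHAKE_FAIL" | classify_handshake
```

The first sample shows the case a plain "CAA looks fine" check can miss: `issue` permits the CA, but an `issuewild` record naming a different CA still blocks the wildcard certificate.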