a month ago
Summary
On service "aios-web" (project AIOS, environment production, region EU West), the wildcard
custom domain *.aios-app.de repeatedly fails to get a TLS certificate with:
"Failed to issue TLS certificate — An internal error occurred. Please retry or contact support."
The apex domain aios-app.de on the SAME service issued its certificate fine and is live (HTTPS 200).
DNS is verified correct (so this is not a DNS-config issue)
-
DNS is managed by Cloudflare (nameservers delegated to Cloudflare at the .de registry).
-
CNAME *.aios-app.de -> udlys13e.up.railway.app (resolves to Railway edge 69.46.46.48)
-
CNAME _acme-challenge.aios-app.de -> udlys13e.authorize.railwaydns.net (DNS-only, NOT Cloudflare-proxied)
-
TXT _railway-verify.aios-app.de present and matches the dashboard value.
-
The ACME DNS-01 challenge tokens ARE present at _acme-challenge (following the CNAME),
so the challenge target is populated — but the certificate still never issues.
-
No CAA record on the domain. No DNSSEC (no DS record at the registry; no SERVFAIL).
-
Verified from multiple resolvers (1.1.1.1 and 8.8.8.8).
What I tried
Removed and re-added the wildcard domain a few times, updating the new */_acme-challenge CNAME
targets in Cloudflare each time. Every attempt: DNS verifies correct, certificate still fails
with the same internal error.
This looks like a server-side certificate-issuance problem (possibly a Let's Encrypt rate limit triggered by the repeated retries). Could you please:
-
manually issue / re-trigger the wildcard certificate for *.aios-app.de, and/or
-
tell me whether the account is currently Let's Encrypt rate-limited (and when it resets)?
Details
Plan: Hobby.