a month ago
Hello Railway team,
I'm experiencing a critical issue with wildcard SSL certificate generation for my subdomains, resulting in 525 SSL Handshake Failed errors.
**Problem Summary:**
- Domain: felipes.dev
- Subdomains (e.g., teste.felipes.dev) return HTTP/2 525 SSL Handshake Failed
- Main domain api.felipes.dev works perfectly (HTTP/2 200)
- Railway endpoint: 34kueldi.up.railway.app
**Current Configuration:**
- Cloudflare SSL/TLS mode: Full (not Full Strict)
- CNAME wildcard *.felipes.dev → 34kueldi.up.railway.app
- CNAME api.felipes.dev → 34kueldi.up.railway.app
- Both point to the same Railway endpoint
**What I've Already Tried:**
1. Verified Cloudflare SSL/TLS is in "Full" mode (not "Full Strict")
2. Confirmed CNAME wildcard points to correct Railway endpoint
3. Removed stale TXT records from Cloudflare DNS
4. Changed _acme-challenge records from "Proxied" to "DNS Only"
5. Waited for DNS propagation (24+ hours)
**Technical Details:**
- Railway appears unable to issue wildcard SSL certificate for *.felipes.dev
- The issue seems to be on Railway's side, not Cloudflare's
- Single domain certificates work fine (api.felipes.dev)
- Wildcard certificates fail to be issued
**Expected Behavior:**
- Railway should automatically issue wildcard SSL certificate for *.felipes.dev
- All subdomains should work with HTTPS
**Current Behavior:**
- Only api.felipes.dev works with HTTPS
- All other subdomains return 525 SSL Handshake Failed
This is blocking my production deployment. Could you please investigate why Railway cannot issue the wildcard SSL certificate for my domain?
Thank you for your assistance.
1 Replies
a month ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
Status changed to Solved trylooney • about 1 month ago