I'm experiencing issues with wildcard SSL certificate provisioning for my domain *.mydomain.com on my Django service.

Current Status:

Wildcard domain *.mydomain.com is stuck on "Issuing TLS certificate"

Apex domain mydomain.com shows "Setup complete" and works correctly

Railway default domain myapp-django-production.up.railway.app works fine

What I've Done:

Flushed Cloudflare DNS Cache:

Used Cloudflare's purge cache tool at https://one.one.one.one/purge-cache/

Flushed TXT records for _acme-challenge.mydomain.com

Flushed TXT records for _acme-challenge.*.mydomain.com

Current Cloudflare DNS Configuration (all DNS only, no proxy):

CNAME _acme-challenge → [railway-generated].authorize.railwaydns.net (DNS only)

CNAME * → [railway-generated].up.railway.app (DNS only)

CNAME mydomain.com → [railway-generated].up.railway.app (DNS only)

Removed and Re-added Domains:

Deleted *.mydomain.com from Railway

Re-added *.mydomain.com

Copied exact DNS values from Railway's instructions to Cloudflare

All records are set to "DNS only" (grey cloud), NOT proxied

Cloudflare SSL/TLS Settings:

SSL/TLS encryption mode: Full (not Full Strict)

Universal SSL: Active

Railway Status:

Status changed from "Cloudflare proxy detected" to "Issuing TLS certificate"

Has been stuck on "Issuing TLS certificate"

What am I doing wrong here?