External Domain SSL not working
I added an external domain and can reach my app, but the cert is wrong. It is for *.up.railway.app and not for my domain. I tried to redeploy, but nothing changed. So, is there a way to force the recreation of Let's Encrypt certs?
31 Replies
Project ID: b835cb5a-ce44-430f-b967-e817594f17e4
Service ID: 9c7c7036-0a80-4e9f-a214-e6b089d33ac6
Just be patient, happened to me too
Wait like 5 hours
Ok, thanks. The domain is displayed as connected in the project. Maybe it is a good idea to display the SSL state there as well.
Welp, I'm not the team so maybe you leave our something in #🤗|feedback
@mono - has this worked itself out for you or are you still having SSL troubles?
The problem still exists. I have also opened a mail ticket, but so far, there is no solution. Creating the domain again is unfortunately also not an option because the DNS settings are with my customer, and he is not happy when we go through the procedure once more. Especially since I cannot guarantee that it will be faster this time.
what domain provider are you using?
it is not my provider. it is the provider from my client
okay let's not be pedantic now
i don't know, why is this important?
because some domain providers don't support root level cnames, if you don't use a cname you get SSL errors
The CNAME works, but there is no Cert for this domain. If I ignore the cert, everything is fine
do you mind sharing the domain?
dig baugebiete.amt-suederbrarup.de
; <<>> DiG 9.10.6 <<>> baugebiete.amt-suederbrarup.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52096
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;baugebiete.amt-suederbrarup.de. IN A
;; ANSWER SECTION:
baugebiete.amt-suederbrarup.de. 3600 IN CNAME 0bvxkxfp.up.railway.app.
0bvxkxfp.up.railway.app. 300 IN A 104.196.232.237
;; Query time: 71 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Thu Jun 29 20:39:59 CEST 2023
;; MSG SIZE rcvd: 112
it is exactly the same as on other "working" domains.
@rayofbytes - would you be able to re-trigger the ssl generation cert for this domain?
you are using railway in a professional setting, so you would likely need to be on the teams plan, that plan also comes with priority support
done!
try again
@rayofbytes @Brody thanks!
no problem!
I am on the teams plan, don't know what to do to get the priority support. xD I simply filled out the support form.
my apologies discord didn't indicate that you are on the teams plan, are you the owner?
ya I just saw your email -- that's the correct way to reach us! I'm not sure why your cert issuance was stuck, we've seen this before with some registrars not responding to certain probes correctly.
@rayofbytes sorry, to come back to this old post. But I have the same problem again on Project: 6469b4dd-fc44-4871-b68f-501a7defe162 with the develop branch.
Oof. I’m away from laptop now, will take a look the moment I’m back 🙂
Thank you very much, and sorry for just writing to you about this. But my customer is already asking and the email support is unfortunately not yet further.
It is about the domain develop.drdobler-diagnostik.de.
Initially we wanted to move the productive system today, but I want to avoid that we run into the same problem there.
Try now
it works 🙂
But what is the problem, is there anything I can do? For me, it looks like a bug in your system or a sleep period that extends exponentially between two checks.
I think so because if I set up the external domain in your system and immediately the DNS it works. But sometimes this is not possible because I don't control the domain DNS.
For the production system. What can I do to make the switch flawless?
"external domain in your system and immediately the DNS it works"
Hmm, can you elaborate on this? How long apart are you adding the custom domain and creating the DNS record?
Hey there, if you have customers using your app the hobby plan is not for you. You’ll get direct email support from the Railway team if you upgrade to the Pro plan
The hobby plan supports hobby workloads. Not for businesses
@Adam if you read this post, you can see that I am on the pro plan, but discord missed this information. If you can add the information to my account, please do it.
Maybe a day later. I generate the CNAME and send it to my client. And he added the DNS record on the next day.
Ah I think that's the issue here. I can see the initial cert issuance attempt get stuck on an invalid domain. We don't have auto retries in cert issuance logic, so if the initial attempt fails, one of us will have to step in and do this manually. edit: I was wrong, retries are spaced out.
Let me see how I can improve this flow for ya. In the meantime, please ping me anytime you run into this!