Custom domain stuck in "Issuing a new TLS certificate..." status.
Target domain is for wildcard subdomain with Clouflare proxy.
Cloudflare level us set to "full" as suggested.
Is there a way to retrigger the certificate issuane ?
30 Replies
Project ID:
20f1c8cb-7c67-4474-a8e7-7f50a349d80f20f1c8cb-7c67-4474-a8e7-7f50a349d80f
when I enter the domain in browser, I do land up on Railway page which says "nothing here... yet" So I think from cloudflare (and DNS side the CNAME records are correct). but I don't see the application running.
NOTE - this used to work corrently until last week. not sure what broke.
please send the custom domain
*.ygoeats-dev.co.uk
and is your app setup to handle wildcards too?
and is the status still Issuing a new TLS certificate?
yes the status is still the same
app is setup to handle subdomains and until last week it was working fine
have you changed anything at all?
client complained that it is not working so I think I removed and added the domain again, but it went down without me changing anything
i mean ygoeats-dev.co.uk does work at the moment, do the wildcards not work?
yeah the wildcard is not working.
check this - demo.ygoeats-dev.co.uk
or picolo.ygoeats-dev.co.uk
these were working before
show me the cloudflare dns settings please
and the railway domains too
is this the cname railway gave you when you redid the wildcard in railway?
or is that an old cname, from the first time you added it
when I redid it it showed me new CNAME and I changed the DNS to the new CNAME
where did this come from
that is a different application.
I have two application, one serves the main domain (which is working fine) and other one for sub domains.
ah i gotcha
they are in the same project right?
yes they are
wasn't there another guy with the same issue?
yes this isn't the first time it's happened
oh - can you turn off cloudflare proxying for the _acme-challenge DNS record? I thought that was in the docs, but apparently it isn't. For us to issue a certificate for wildcards, we need
_acme-challenge.<domain> to resolve to our own dns records - when cloudflare proxying is enabled, they inject A records for themselves.
the other records can have cloudflare proxying enabledplease update the
_acme-challenge record to be DNS only, reply to this message and I'll see if I can speed up the cert issuance retry.
thanks @char8
it is done.
awesome thanks - it's all back up for you now. I've also made a PR to update our docs.
thank you for the help.
/resolved
/solved
it was already marked as solved
yeah I realized that later 😄