From 2f76a460160308ebcbbe91bbd2dd2c1c7cf31e22 Mon Sep 17 00:00:00 2001
From: Charith Amarasinghe <995136+char8@users.noreply.github.com>
Date: Thu, 20 Jul 2023 20:07:47 +0100
Subject: [PATCH] document issue with cloudflare proxying and wildcard certs

We need `_acme-challenge` DNS records to direct to us directly for proper validation.
---
 src/docs/deploy/exposing-your-app.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/docs/deploy/exposing-your-app.md b/src/docs/deploy/exposing-your-app.md
index 79b4ad5a8..dfb67ade9 100644
--- a/src/docs/deploy/exposing-your-app.md
+++ b/src/docs/deploy/exposing-your-app.md
@@ -51,6 +51,8 @@ width={1048} height={842} quality={80} />
 
 In order to use Wildcard Domains, you must add two CNAME records, one for the wildcard domain, and one for the _acme-challenge. The _acme-challenge CNAME is required for Railway to issue the SSL Certificate for your domain.
 
+**NOTE:** If you're using Cloudflare, it is important that the _acme-challenge record has Cloudflare proxying disabled (no orange cloud). 
+
 ## Private Networks
 
 To expose an application on the [private network](https://docs.railway.app/reference/private-networking) you need to