Apex domain cert is not renewing

Hello everyone,

For pledges.com(ecstatic-poitras-e85564.netlify.app) custom domain apex I cant renew the certificate, it fails with:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for pledges.com: During secondary validation: The key authorization file from the server did not match this challenge

Encountered I should write to support since you can do it manually, could you please handle this?


Hey @ardailgaz

pledges.com is not configured as outlined in the Configure external DNS for a custom domain → Configure an apex domain.

Instead of a single A record pointing to the Netlify load balancer (or ALIAS, ANAME, or flattened CNAME) I see three A records

% dig pledges.com
pledges.com.		3600	IN	A
pledges.com.		3600	IN	A
pledges.com.		3600	IN	A

You will need to remove the other two A records in order for the SSL certificate to renew.