Error when trying to renew certificate error - SniCertificate::CertificateInvalidError

Hello,

Yesterday I got a message saying my Let’s Encrypt SSL expired and it was unable to renew it automatically.

The error is: SniCertificate::CertificateInvalidError: Unable to verify challenge for (domain)

I have not changed any configuration about my domain or DNS on my end or Netlify’s end. From the two posts I’ve read about this error, someone from Netlify’s end was able to correct this error.

The default subdomain is: adm-seguros-dourados.netlify.com

hi there, can you give this thread a read through and see if any of the solutions apply to you?

https://answers.netlify.com/t/snicertificate-unable-to-verify-challenge-for-our-domain/1883

if no, please let us know the domain name you are trying to connect your netlify site to.

Hello, I’ve read the thread but unfortunately it didn’t solve my problem.

I have no AAAA nor CAA to remove/edit and no registered subdomains that require CNAME.

I’ll PM you a screenshot with some additional info from my domain (admseguros.net)

Hi, @SandroSeiya, I found the following doing a WHOIS lookup for the domain configured for that Netlify site:

$ whois <REDACTED DOMAIN NAME> | grep -i "Name Server"
   Name Server: NS2.TERRAEMPRESAS.COM.BR
   Name Server: NS3.TERRAEMPRESAS.COM.BR
Name Server: ns2.terraempresas.com.br
Name Server: ns3.terraempresas.com.br

This domain is configured to use Netlify DNS but it actually is not. The name server records for this domain are not being used:

<REDACTED DOMAIN NAME>		86400	IN	NS	dns4.p07.nsone.net.
<REDACTED DOMAIN NAME>		86400	IN	NS	dns3.p07.nsone.net.
<REDACTED DOMAIN NAME>		86400	IN	NS	dns2.p07.nsone.net.
<REDACTED DOMAIN NAME>		86400	IN	NS	dns1.p07.nsone.net.

Those records exist but they exist only at the terraempresas.com.br name servers. Those are the only name servers being used (the ones at terraempresas.com.br).

The solution for this is to replace the existing name servers there with the nsone.net name servers above. Please consult the documentation from your domain registrar or contact their support team for more information about how to make those changes. This change needs to happen with the registrar to move the DNS service for this domain to Netlify.

Or, you can delete the DNS configuration at Netlify and use the instructions below with your existing DNS service:

If there are other questions about this, please let us know.
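
The mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original thread or Netlify's tooling: it compares the name servers in WHOIS output with the NS records configured in the zone, using sample data constructed from the values quoted in the thread, with example.com as a placeholder for the redacted domain.

```shell
#!/bin/sh
# Added example: does the registrar's delegation match the zone's NS records?
# Sample data is constructed from the values quoted in the thread;
# example.com is a placeholder for the redacted domain.

# Lower-case, strip CRs and trailing dots, sort, de-duplicate.
normalize() {
  tr -d '\r' | tr '[:upper:]' '[:lower:]' | sed 's/\.$//' | sort -u
}

# Name servers the registry delegates to, from WHOIS text on stdin.
# NF > 2 skips empty "Name Server:" lines.
delegated_ns() {
  awk 'tolower($0) ~ /name server:/ && NF > 2 {print $NF}' | normalize
}

# NS targets from dig-style records on stdin: name ttl class type target.
zone_ns() {
  awk '$3 == "IN" && $4 == "NS" {print $5}' | normalize
}

# $1 = WHOIS text, $2 = zone records. Returns 0 on match, 1 on mismatch.
check_delegation() {
  d=$(printf '%s\n' "$1" | delegated_ns)
  z=$(printf '%s\n' "$2" | zone_ns)
  if [ -n "$d" ] && [ "$d" = "$z" ]; then
    echo "OK: delegation matches the zone"
    return 0
  fi
  echo "MISMATCH: resolvers are sent to:"; printf '  %s\n' $d
  echo "but the zone lists:";              printf '  %s\n' $z
  return 1
}

SAMPLE_WHOIS='   Name Server: NS2.TERRAEMPRESAS.COM.BR
   Name Server: NS3.TERRAEMPRESAS.COM.BR
Name Server: ns2.terraempresas.com.br
Name Server: ns3.terraempresas.com.br'

SAMPLE_ZONE='example.com.  86400  IN  NS  dns4.p07.nsone.net.
example.com.  86400  IN  NS  dns3.p07.nsone.net.
example.com.  86400  IN  NS  dns2.p07.nsone.net.
example.com.  86400  IN  NS  dns1.p07.nsone.net.'

check_delegation "$SAMPLE_WHOIS" "$SAMPLE_ZONE" || true
```

Against a live domain, the same functions accept the output of `whois` and of `dig +noall +answer NS` sent to one of the intended name servers.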

Hello, I’ve talked with the support on my registrar and they’re looking into it, as soon as I get an answer I’ll update this thread.

For now, thank you for the information.

Hello again, my provider finally reached out and it was a problem on their end. As Luke pointed out, the name servers were incorrect and for some reason it was only corrected when talking directly to the provider (I couldn’t change it, even though it appeared that I should).

Thanks for the help!

glad it’s working. We’ll close this thread!