How to fix "SniCertificate::CertificateNonvalidError: Unable to verify challenge for app.jaenitel.com: DNS problem: SERVFAIL looking up CAA for jaenitel.com - the domain's nameservers may be malfunctioning"

PLEASE help us help you by writing a good post!

• my netlify app: sage-pudding-f30b85.netlify.app
• my custom domain: app.jaenitel.com

I am suffering an Let’s encrypt error after expire of SSL from Let’s encrypt.

my app worked well when it was first deployed. but after 3 months(as Let’s Encrypt’s SSL’s expiration) when I tried to renew my certificate I got error message as below.

SniCertificate::CertificateNonvalidError: Unable to verify challenge for app.jaenitel.com: DNS problem: SERVFAIL looking up CAA for jaenitel.com - the domain’s nameservers may be malfunctioning

We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.

I have not changed any CNAME of my custom domain, and external registar (which is GoDaddy) was also didn’t changed for its domain name server as first I’ve set for deployment setting.

I am so confused…

FYI) my origin domain is jaenitel.com and I used app,.jaenitel.com for sub domain for my client deployment.

please let me know for any further information

Hi @darren-kk,

Thanks for reaching out and welcome to Netlify’s Support Forums!

I see we’ve responded to your ticket in our helpdesk. If you have any follow-up questions feel free to continue correspondence there!