Not able to renew SSL Certificate from Netlify - SniCertificate::CertificateNonvalidError: Unable to verify challenge for Incorrect TXT record "3245" found at _acme-challenge

Hi @Audai,

Thanks for the follow-up.

Since you want to use External DNS, you’ll want to remove the Netlify DNS Zone here, as it can cause issues with renewing SSL certificates. This is mentioned in the Inactive DNS Zone Support Guide:

Under Are inactive DNS zones a problem?

Actually, yes, inactive DNS zones with our DNS service do cause problems. The most common issue they cause is that our service will be unable to create or update the automatic Let’s Encrypt SSL certificates for this production domain. This can affect any updates for the Let’s Encrypt SSL certificates our service provisions, including updates for branch subdomains .

For your External DNS configuration, I do see you are pointing an A Record for to For, you’ll want to point a CNAME Record to

Once the DNS change has propagated, please try clicking Renew certificate here:

Let us know if you have any questions.