Problem with DNS Records, Lets encrypt certificate can't be renewed

Netlify site name: cheery-chimera-2ef95a.netlify.app
custom domain: desingbuero.de

I pointed the apex domain and the www-subdomain from desingbuero.de to netlify. It seems to work for the subdomain, but the certificate now makes problems with the following error:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for desingbuero.de: 2a00:1828:1000:2428::2: Invalid response from https://acme-challenge.manitu.de/6mOcU9ms2kyU0kXuGnOy95c1v3uMf-s-LjYU7K58MHI: 404

These are the records I made for the site:

I am fairly new to this topic and I am not sure, which records might be superfluous or if it is an other error. Could someone please support me?

Hi @Tineck. The error you shared was this:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for desingbuero.de: 2a00:1828:1000:2428::2: Invalid response from https://acme-challenge.manitu.de/6mOcU9ms2kyU0kXuGnOy95c1v3uMf-s-LjYU7K58MHI: 404

This is using HTTP verification method and not the DNS verification method. The HTTP verification failed because the IPv6 IP address 2a00:1828:1000:2428::2: is not one that Netlify controls.

In order for Netlify to provision the SSL all non-Netlify IP address records must be deleted for any domain names being delegated to Netlify. This would mean removing both AAAA records above and the A record for 89.238.73.28.

If that doesn’t resolve the issue, please let us know.

Thanks, deleting those records and setting A-records for other existing subdomains instead of the wildcard does the trick. It‘s working!

1 Like