SniCertificate::CertificateNonvalidError

Hello. We have problem with renew certificate for domain. We had this issue first time. And any idea why this happened. Can you recommend solution?

Site ID: 7795b6f1-63ee-404b-81de-a1b645f142ec
Error:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for unzer.com: CAA record for unzer.com prevents issuance

We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.

Thanks.

Hi @yaroslav-mygal,

I’m seeing this issue for the domain unzer.com:

The link also describes the solution.

Additionally, I’m seeing domain aliases listed here:

That are showing Awaiting External DNS. You’ll want to ensure that the DNS is configured correctly.

For bare domains, you’ll want to ensure you have an A Record pointing to 75.2.60.5. For any subdomains you’ll want a CNAME Record that is pointing to one-hei-prod.netlify.app.

We also recommend changing the A Record for unzer.com to point to 75.2.60.5 instead of 104.198.14.52.

Let us know if you have any questions.