Hello. We have problem with renew certificate for domain. We had this issue first time. And any idea why this happened. Can you recommend solution?

Site ID: 7795b6f1-63ee-404b-81de-a1b645f142ec

SniCertificate::CertificateNonvalidError: Unable to verify challenge for CAA record for prevents issuance

We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.


Hi @yaroslav-mygal,

I’m seeing this issue for the domain

The link also describes the solution.

Additionally, I’m seeing domain aliases listed here:

That are showing Awaiting External DNS. You’ll want to ensure that the DNS is configured correctly.

For bare domains, you’ll want to ensure you have an A Record pointing to For any subdomains you’ll want a CNAME Record that is pointing to

We also recommend changing the A Record for to point to instead of

Let us know if you have any questions.