SniCertificate::CertificateNonvalidError: Unable to verify challenge for alias domain

I’m getting the following message on one of my projects’ domains:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for makeadailydifference.com: During secondary validation: 34.102.136.180: Invalid response from http://makeadailydifference.com/.well-known/acme-challenge/SeMg-LVjFTAkHAqhQFgxE_txbpX6wy5G5i3qwjgwfc8: "

This is an alias domain (the primary is .org) for the project. This domain is completely “stock” – a new domain, that we’re using Netlify DNS for, nothing custom about it whatsoever (I read previous answers that mention deleting old A records but that doesn’t apply here).

I checked everything and requested a renewal again and now get:

**Acme::Client::Error::RateLimited: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/**

The project name is dailydiff

Thank you!

Hey @mfan, thanks for reaching out!

I’ve taken a look at this and it seems like your DNS might be misconfigured on one of your domain aliases. Can you check the Domain settings for your site and let me know if you’re able to resolve the issue with the DNS configuration? Once that’s done we can attempt to renew the certificate again.

In the end I’m not sure exactly what it was. But what fixed it was that we removed the existing nameservers from our registrar, re-added them, and then added the domain aliases as normal. Thanks!

1 Like