SniCertificate::CertificateNonvalidError: Unable to verify challenge for : DNS problem: NXDOMAIN looking up TXT

My domain is dreambold.net, and the SSL was working fine before. But now, as I try to renew the SSL cert, it shows the error message:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for dreambold.net: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.dreambold.net - check that a DNS record exists for this domain

I am not sure how I find the TXT record for my domain on Netlify. Did anyone have this kind of issue?

Hi @dreambold,

Thanks for reaching out and welcome to Netlify’s Support Forums!

Did you recently make any changes to your name servers at your registrar for dreambold.net?

I see here:

That some locations are using awsdns-62.com name servers.

I’m also seeing an awsdns-62.com name server respond:

dig dreambold.net NS +trace | tail -n 6
dreambold.net.		172800	IN	NS	dns1.p01.nsone.net.
dreambold.net.		172800	IN	NS	dns2.p01.nsone.net.
dreambold.net.		172800	IN	NS	dns3.p01.nsone.net.
dreambold.net.		172800	IN	NS	dns4.p01.nsone.net.
;; Received 128 bytes from 205.251.193.245#53(ns-501.awsdns-62.com) in 40 ms

We have a Support Guide that explains inactive DNS Zones and how to detect and fix:

Please read through the guide and let us know if you have any questions.
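The mismatch visible in the dig output above can be checked mechanically. The following is an added example, not part of the original thread or Netlify's tooling: it parses `dig NS +trace` output and flags when the server that answered belongs to a different provider than the NS records it returned. The function names and the "last two labels" provider heuristic are assumptions made for this illustration.

```python
import re

# Sample input: the tail of `dig dreambold.net NS +trace` quoted in the thread
# (whitespace normalised).
SAMPLE_TRACE = """\
dreambold.net. 172800 IN NS dns1.p01.nsone.net.
dreambold.net. 172800 IN NS dns2.p01.nsone.net.
dreambold.net. 172800 IN NS dns3.p01.nsone.net.
dreambold.net. 172800 IN NS dns4.p01.nsone.net.
;; Received 128 bytes from 205.251.193.245#53(ns-501.awsdns-62.com) in 40 ms
"""

NS_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")
FROM_RE = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+\((\S+)\)")


def provider(host):
    """Crude provider key: the last two labels of a host name.
    Assumption: the name does not sit under a multi-label public suffix."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])


def check_delegation(trace_text):
    """Group NS records by the server that returned them, then compare the
    final hop's NS set with the server that actually answered."""
    pending, hops = [], []
    for raw in trace_text.splitlines():
        line = raw.strip()
        m = NS_RE.match(line)
        if m:
            pending.append(m.group(2).rstrip(".").lower())
            continue
        m = FROM_RE.match(line)
        if m:
            hops.append({"responder": m.group(2).lower(), "ns": pending})
            pending = []
    if not hops:
        raise ValueError("no ';; Received ... from' line found in trace output")
    last = hops[-1]
    listed = {provider(n) for n in last["ns"]}
    # Mismatch: the responder is not one of the providers named in its own NS set.
    mismatch = bool(listed) and provider(last["responder"]) not in listed
    return {"responder": last["responder"], "listed_ns": last["ns"], "mismatch": mismatch}


if __name__ == "__main__":
    print(check_delegation(SAMPLE_TRACE))
```

A `mismatch` of `True` here means lookups for the domain, including the `_acme-challenge` TXT lookup from the error message, reach one provider's servers while the zone's NS records name another's.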

So what am I supposed to do now?

Read the guide, and if you are still confused I’d recommend reaching out to the servicer.

netlify dns problem: nxdomain looking up txt for _acme-challenge.dreambold.net - check that a dns record exists for this domain

Now I see this warning, where can I find the txt record to add on AWS?

Hi, @dreambold. You cannot do this:

That isn’t possible above. You need to use one of the two solutions from the support guide:

I have an inactive DNS zone at Netlify. How do I fix it?

There are two very different solutions:

  1. Delete the inactive DNS zone and use our external DNS instructions.

or:

  2. Activate the inactive DNS zone.

I would recommend the first solution above. To complete that process you would do the following:

  1. Delete the inactive DNS zone here: https://app.netlify.com/account/dns/dreambold.net
  2. Create the required DNS records as documented in the external DNS instructions.
  3. I would also recommend making the www subdomain the primary domain for the site.
  4. Click the “Renew certificate” button in the site’s SSL settings.

If that doesn’t resolve the issue or if there are questions, please let us know.

Should I follow the APEX domain? Configure external DNS for a custom domain | Netlify Docs

The domain is registered on AWS route53

Hi @dreambold,

Thanks for the follow-up.

When configuring DNS, you’ll want to use either External DNS, or Netlify DNS, not both at the same time. Having both set up could cause issues with provisioning the SSL Certificate as mentioned in the Support Guide.

If you don’t want to use Netlify DNS, you’ll want to configure the External DNS.

For dreambold.net you would point an A Record to 75.2.60.5.

For www.dreambold.net you want an A Record that points to dreambold.netlify.app.

Note these changes will need to be made at your registrar for the domain.

Additionally, you’ll want to delete the DNS Zone here by scrolling down to the bottom of the page and clicking on the red Delete DNS Zone button.

Adding an A record fixed the issue, thank you!