SniCertificate::CertificateNonvalidError: Unable to verify challenge for : DNS problem: NXDOMAIN looking up TXT

My domain is, and the SSL was working fine before. But now, as I try to renew the SSL cert, it shows the error message:

SniCertificate::CertificateNonvalidError: Unable to verify challenge for DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain

Am not sure how I find the TXT record for my domain on Netlify. Did anyone have this kind of issue?

Hi @dreambold,

Thanks for reaching out and welcome to Netlify’s Support Forums!

Did you recently make any changes to your name servers at your registrar for

I see here:

That some locations are using name servers.

I’m also seeing aawsdns-62.comname server respond:

dig NS +trace | tail -n 6		172800	IN	NS		172800	IN	NS		172800	IN	NS		172800	IN	NS
;; Received 128 bytes from in 40 ms

We have a Support Guide that explains inactive DNS Zones and how to detect and fix:

Please read through the guide and let us know if you have any questions.

So what am I supposed to do now?

read the guide and if you are still confused I’d recommend reaching out to the servicer.

netlify dns problem: nxdomain looking up txt for - check that a dns record exists for this domain

Now I see this warning, where can I find the txt record to add on AWS?

Hi, @dreambold. You cannot do this:

That isn’t possible above. You need to use one of the two solutions from the support guide:

I have an inactive DNS zone at Netlify. How do I fix it?

There are two very different solutions:

  1. Delete the inactive DNS zone and use our external DNS instructions .


  1. Activate the inactive DNS zone.

I would recommend the first solution above. To complete that process you would do the following:

  1. Delete the inactive DNS zone here:
  2. Create the required the DNS records as documented in the external DNS instructions.
  3. I would also recommend making the www subdomain the primary domain for the site.
  4. Click the “Renew certificate” button in the site’s SSL settings.

If that doesn’t resolve the issue or if there are questions, please let us know.

Should I follow the APEX domain? Configure external DNS for a custom domain | Netlify Docs

The domain is registered on AWS route53

Hi @dreambold,

Thanks for the follow-up.

When configuring DNS, you’ll want to use either External DNS, or Netlify DNS, not both at the same time. Having both setup could cause issues with provisioning the SSL Certificate as mentioned in the Support Guide.

If you don’t want to use Netlify DNS, you’ll want to configure the External DNS.

For you would point an A Record to

For you want an A Record that points to

Note these changes will need to be made at your registrar for the domain.

Additionally, you’ll want to delete the DNS Zone here by scrolling down to the bottom of the page and clicking on the read Delete DNS Zone button.

Adding A record fixed the issue, thank you!