SniCertificate::CertificateNonvalidError: Unable to verify challenge for eaconsentai.fj-osouji.com:

ytanto · May 22, 2023, 2:01pm

The following error message appears in the certificate setup and cannot be updated.
It expires tomorrow and I would like to know how to solve this problem as soon as possible.

SniCertificate::CertificateNonvalidError: Unable to verify challenge for eaconsentai.fj-osouji.com: DNS problem: SERVFAIL looking up CAA for fj- osouji.com - the domain’s nameservers may be malfunctioning

SamO · May 22, 2023, 6:41pm

Hi,

Welcome to the forums thanks so much for reaching out! You are getting this error because your DNS zones have not migrated towards Netlify. Can you please check out this doc and fix? This doc explains how to configure your external dns

ytanto · May 23, 2023, 5:35am

CNAME is already set up,
The CNAME has already been set and has not been changed since the last certificate renewal date, “Apr 23 at 11:10 PM”.
What should I check?

jasiqli · May 23, 2023, 6:01am

fj-osouji.com is using Netlify DNS. If eaconsentai.fj-osouji.com is configured on a Netlify site, instead of a CNAME record you should see a NETLIFY.

Also of note is the record you have provided a screenshot of it not from Netlify. Where are you managing DNS records?

ytanto · May 23, 2023, 7:35am

The following site, お名前.com, manages the site.
https://cp.onamae.ne.jp/

jasiqli · May 23, 2023, 8:13am

What namservers are configured for the domain? Have you added the domain fj-osouji.com to Netlify DNS? If you have, and are not using Netlify DNS, the you need to remove those nameservers.

% whois fj-osouji.com | grep -E '^Name Server'
Name Server: dns1.p01.nsone.net
Name Server: dns2.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net

ytanto · May 23, 2023, 12:52pm

I reviewed the nameservers again and confirmed that Netlify’s DNS is set up.
However, the certificate error still persists.

ytanto · May 24, 2023, 2:17am

How about this one?
It has already expired and we are in trouble.

jasiqli · May 24, 2023, 3:39am

Hoping @luke can provide assistance here.

ytanto · May 24, 2023, 8:45am

How about this one?
It has already expired and we are in trouble.

jasiqli · May 24, 2023, 8:55am

If you are using fj-osouji.com to manage DNS and have a CNAME record pointing to your Netlify site, why is eaconsentai.fj-osouji.com in Netlify DNS?

If you are using external DNS the domain should not exist in Netlify DNS.

If you are using Netlify DNS the domain should not exist in another zone.

This is likely because there are no NS, A, CNAME, or other records to the apex domain fj-osouji.com. There is only records for the subdomain eaconsentai.fj-osouji.com.

ytanto · May 24, 2023, 12:18pm

I was able to review the settings and resolve the issue.
Thanks for your help. Thank you very much.

SamO · May 24, 2023, 12:22pm

Glad you got your site and cert up and running! Thanks for coming back and sharing with the community.

Topic		Replies	Views
How to fix "SniCertificate::CertificateNonvalidError: Unable to verify challenge for app.jaenitel.com: DNS problem: SERVFAIL looking up CAA for jaenitel.com - the domain's nameservers may be malfunctioning" Support deployment , netlify-dns-https-ssl	1	322	November 29, 2023
SniCertificate::CertificateInvalidError: Support netlify-dns-https-ssl	3	563	June 24, 2020
Error when trying to renew certificate error - SniCertificate::CertificateInvalidError Support netlify-dns-https-ssl	7	1495	February 27, 2020
SniCertificate::CertificateNonvalidError Support netlify-dns-https-ssl	1	187	October 4, 2023
Failed to renew TLS certificate. SniCertificate::CertificateNonvalidError: Unable to verify challenge Support netlify-newbie	2	479	December 21, 2023

SniCertificate::CertificateNonvalidError: Unable to verify challenge for eaconsentai.fj-osouji.com:

Related topics