SniCertificate::CertificateInvalidError: Unable to verify challenge for my domain


I’ve been using Netlify for a couple of months now to host a small site and it’s works really nice, thank you! However, as the title already indicates, i noticed there is an issue with renewing the TLS certificate for my custom domains for

I have no clue when this problem exactly started, but it causes new visitors of the website to be warned by a message saying the connection is not private. Due to caching existing visitors are still able to visit the site, although that’s an offline version. That’s why i only noticed this issue yesterday.

The exact error message i get is as follows:

SniCertificate::CertificateInvalidError: Unable to verify challenge for
We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.

I checked the troubleshooting guide but i am not able to figure out what’s wrong, as far as i know nothing has been changed.

The domains listed under ‘Custom Domains’ don’t show any warnings, which i saw they do when DNS is not configured properly.

Thanks in advance :slight_smile:


hi marco, i think this was temporary. seems to load fine now - sometimes DNS can take a little while to sort itself out.

Hi perry, Thanks for having a look at it, that’s interesting :thinking: Unfortunately i still get the connection not private message in my local network, but when i switch off wifi and use cellular data i can view the site with no problems, so it is indeed working. :slight_smile: Could it be that there is still an old DNS entry at my network provider or something? I also still see the error message in netlify.

i think it is likely still in your browser cache. have you tried in an incognito window?

Yes, in a normal window i can still see the offline cached version. The whole problem occurs when loading the site in an incognito window. I just checked, the problem still occurs.

:exclamation: Update from my side, it is working again. How you may ask? I removed some old AAAA records pointing to ip6 addresses of my previous hosting. Maybe it can be added to the documentation that these should be removed when using the A record pointing to the Netlify load balancer.

glad it is working again! i’ll check and see if our instructions can be made more clear. :muscle:

1 Like