SniCertificate::CertificateNonvalidError: Unable to verify challenge for tete-haute.fr

Hello,

I am having issues with certificate renewal:
**SniCertificate::CertificateNonvalidError: Unable to verify challenge for tete-haute.fr: No TXT record found at _acme-challenge.tete-haute.fr**

My Netlify site name is : https://loving-spence-95c7c4.netlify.app/
And the custom domain is : ****-*****.fr

Help much appreciated,

David

Hey there, @David_Gourdet :wave:

Thanks for reaching out, and welcome to the Netlify Forums!

So this error essentially means “we tried to make a wildcard certificate since you have DNS hosting enabled. However, the DNS record we made was not found by lets encrypt, so provisioning failed.” What this means is that you have an inactive DNS zone that you will need to disable before we can extend the certificate to your site.

You can follow this support guide to walk through deleting inactive DNS:

Let me know if this gets you on the right path!

Hey Hillary, @hillary

Thanks for the quick reply and the link to the support guide.
I’m a little confused though because I’m not sure if the DNS zone mentionned is the Netlify one or the one from the external register of the custom domain?

Thanks a lot for your help,

David

Hi @David_Gourdet,

We’ve deleted the DNS Zone (as it was inactive) and renewed the certificate from our end.

Thanks a lot @hrishikesh!
It’s working perfectly now :slight_smile:
David

dig coreevoyage.fr NS +trace | tail -n 6
coreevoyage.fr.		3600	IN	NS	dns1.p04.nsone.net.
coreevoyage.fr.		3600	IN	NS	dns4.p04.nsone.net.
coreevoyage.fr.		3600	IN	NS	dns3.p04.nsone.net.
coreevoyage.fr.		3600	IN	NS	dns2.p04.nsone.net.
;; Received 132 bytes from 198.51.45.1#53(dns2.p01.nsone.net) in 20 ms

I’m still getting an error message:

Acme::Client::Error::RateLimited: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

Any help would be very appreciated. Thank you!

As mentioned by the error, you’re now seeing Lets Encrypt rate limit, which goes on for 7 days. You can now only wait for that to pass or use custom SSL certificate.

Ok, thank you for your help!