SniCertificate::CertificateNonvalidError: Unable to verify challenge for


I am having issues with certificate renewal:
**SniCertificate::CertificateNonvalidError: Unable to verify challenge for No TXT record found at**

My Netlify site name is :
And the custom domain is : ****-*****.fr

Help much appreciated,


Hey there, @David_Gourdet :wave:

Thanks for reaching out, and welcome to the Netlify Forums!

So this error essentially means “we tried to make a wildcard certificate since you have DNS hosting enabled. However, the DNS record we made was not found by lets encrypt, so provisioning failed.” What this means is that you have an inactive DNS zone that you will need to disable before we can extend the certificate to your site.

You can follow this support guide to walk through deleting inactive DNS:

Let me know if this gets you on the right path!

Hey Hillary, @hillary

Thanks for the quick reply and the link to the support guide.
I’m a little confused though because I’m not sure if the DNS zone mentionned is the Netlify one or the one from the external register of the custom domain?

Thanks a lot for your help,


Hi @David_Gourdet,

We’ve deleted the DNS Zone (as it was inactive) and renewed the certificate from our end.

Thanks a lot @hrishikesh!
It’s working perfectly now :slight_smile:

dig NS +trace | tail -n 6		3600	IN	NS		3600	IN	NS		3600	IN	NS		3600	IN	NS
;; Received 132 bytes from in 20 ms

I’m still getting an error message:

Acme::Client::Error::RateLimited: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

Any help would be very appreciated. Thank you!

As mentioned by the error, you’re now seeing Lets Encrypt rate limit, which goes on for 7 days. You can now only wait for that to pass or use custom SSL certificate.

Ok, thank you for your help!