SSL Certificate gives error

SniCertificate::CertificateNonvalidError: Unable to verify challenge for 2001:888:214f::525e:f616: Invalid response from 404

Sitename is //

I don’t really understand how to fix this.

It seems there are extra AAAA and A record on which does not point to Netlify. So, when Let’s Encrypt is trying to validate ownership, it fails.

You will want to remove those first.

If your DNS provider supports an ALIAS or flattened CNAME or ANAME record, you could point your domain to But if not, an A record to would work.

I currently have a CNAME record pointed at, could you elaborate why I should point it to instead of that?

Also, what is a flattened CNAME record, is that different from a normal CNAME record?

A flattened CNAME basically enable you to have a CNAME record for your root domain, in this case instead of an A record, enabling you to have a more robust configuration. Not all DNS provider supports it though. If yours doesn’t, the A record would work fine.

The DNS record should still point to of course.

So just one last question, the current situation is as follows:
I have 1 CNAME record from www to point to and 1 CNAME record from root (*) to point to It seems to work just fine as is, what is the benefit of pointing the root (or flattened) CNAME record to instead? Are there any resources I can read about this because before this thread I never read anything on this address.

It’s from:

To be completely honest with you, I’m not sure myself. Back then, I believe the instruction was CNAME from root domain to if your DNS provider supports it, otherwise A record.

Though I noticed that they recently changed it to point to a load balancer instead. But both would work just fine I assume.

1 Like

Thank you very much for the explanation, I will look into it myself as well. Have a great day!