SniCertificate::CertificateInvalidError: Unable to verify challenge for *.bugfactory.io

Could someone help me with this?

*SniCertificate::CertificateInvalidError: Unable to verify challenge for .bugfactory.io

We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.

Unfortunately, the troubleshooting guide doesn’t help me. If I remember correctly, this is the first renewal since switching to Netlify DNS, so this could be the culprit.

Hi, @bugfactory, and welcome to our Netlify community site.

This domain is configured to use Netlify DNS here:

https://app.netlify.com/account/dns/bugfactory.io

However, it isn’t using our name servers when I checked:

$ whois bugfactory.io | grep "Name Server"
Name Server: NS-1608.AWSDNS-09.CO.UK
Name Server: NS-702.AWSDNS-23.NET
Name Server: NS-346.AWSDNS-43.COM
Name Server: NS-1115.AWSDNS-11.ORG
Name Server: NS-1115.AWSDNS-11.ORG
Name Server: NS-1608.AWSDNS-09.CO.UK
Name Server: NS-346.AWSDNS-43.COM
Name Server: NS-702.AWSDNS-23.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:

This is preventing the SSL certificate renewal. The solutions for this are to do one (either/or) of the things below:

  • delete the Netlify DNS configuration
  • make the switch to Netlify DNS by changing the name servers at the registrar to the ones in the Netlify DNS configuration

The instructions to change the name servers are (if I am not mistaken) found here:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html#updating-name-servers-other-dns-service

​Please let us know if there are questions about either solution and we’ll be happy to answer.

Thank you, Luke! Based on your reply, I have been able to fix the issue.