SniCertificate::CertificateInvalidError: Unable to verify challenge for *our domain*


We are having trouble with our Let’s Encrypt certificate. It seems to have expired and upon clicking renew we the following error:

SniCertificate::CertificateInvalidError: Unable to verify challenge for our domain

Any ideas on how to resolve this issue? We are currently stuck with this issue.

Any help you can provide would be great!



Hi, I looked into this and I believe something unusual is happening with this site’s Managed DNS. I have created a support ticket for this issue and we’ll follow-up with you there.


i have the same problem for two days now.
If someone finds a solution would be great.


my problem was that i didn’t have a CNAME on mysubdomain pointing to my netlify site,
maybe this can help you too

hey @siblancoMember! Just to clarify, does that mean that you fixed your issue?

I also started having this issue 2 days ago.

I clicked the “Renew Certificate” button manually on netlify and it magically started working again (despite not changing any DNS settings before or after clicking the button).

I have the same issue, but clicking on “Renew Certificate” doesn’t solve the problem.

I have custom domain with Netlify DNS ( And custom headers:

  for = "/*"
    Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
    X-Content-Type-Options = "nosniff"
    Content-Security-Policy = "connect-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'none'; style-src 'sha256-u416R1BFbASVCPBGPpFw1jm2QrBLAUMFTJ0bbQVFHiw='; script-src 'sha256-24UQLHsa8ThXHBWjsc4XLCjrOBZeZ3eMW7T+4AUpDUk=' 'self'"