TLS Won't Renew – Challenge Failure

A few weeks ago I got TLS renewal errors (“has multiple A records”). Based on help articles, I made www the primary domain. Now I’m getting “SniCertificate::CertificateInvalidError: Unable to verify challenge for *” instead. I searched the troubleshooting page I was directed to and it had no info about the challenge.

I’m using netlify’s DNS which gives very few options that I can configure. What can I do to get this working?

hey curi, which domain is this regarding?