I wanted to share some information for those using Apache. I actually started to post this as a question here, when the solution hit me during my entry of the description of my own problem.
We host our own web server with a couple of different additional domains (SAN).
We already had an SSL with GoDaddy. It expires in a few weeks.
Our primary web domain is NOT hosted on our own server however. Just the other SANs.
Our primary web domain points, on our Registrar DNS host records, to an external host. (We have to put it there because we and other branches of the organization all have to “hotel” together under that system).
Installed CTW. Configured it. Ran the test and it would fail with:
"Could not verify http://oursite.ca/.well-known/acme-challenge/configcheck"
Well, of course. Because going to our primary domain would then say hey… go to that external server, and CTW cannot access that .well-known folder from this local server.
The fix is to edit the Windows Hosts file and put the web domain in there. It will only affect that server you are doing it on, and it takes precedence over any external DNS records (from our registrar).
Now when you run the test, it will succeed, because it will reference the local machine that Apache is running on, and your apache.conf (or vhosts.conf file) will have the correct local pointer to the directory and path for seeing the check files the program needs to access.
Now even though your main web domain is hosted externally, and your other SANs are internal, you can complete the test/verification process.
I uh… have not tried the actual certificate deployment yet. But if the test works… ? I’ll let you know.
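
An added example, not part of the original post: a Python sketch that lists which certificate names are answered by the local hosts file instead of DNS. Because a hosts entry applies only to the machine it is on, the output shows which names a local check reaches differently from resolvers elsewhere. The hosts content, the 192.0.2.10 address, `san1.example` and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of C:\Windows\System32\drivers\etc\hosts (not from the post).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      oursite.ca www.oursite.ca   # added for the config check
# 192.0.2.10    disabled.example
::1             localhost
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return {hostname: [ip, ...]} for every active hosts-file entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # skip malformed lines
        for name in fields[1:]:
            entries.setdefault(name.lower().rstrip("."), []).append(ip)
    return entries

def local_overrides(cert_names, hosts_text):
    """Map each certificate name to the hosts-file IPs that shadow DNS for it.

    Names absent from the result are resolved through DNS as usual.
    """
    entries = parse_hosts(hosts_text)
    result = {}
    for name in cert_names:
        key = name.lower().rstrip(".")         # hostnames are case-insensitive
        if key in entries:
            result[name] = entries[key]
    return result

if __name__ == "__main__":
    # Constructed certificate name list: primary domain plus one SAN.
    names = ["oursite.ca", "san1.example"]
    overrides = local_overrides(names, SAMPLE_HOSTS)
    for name in names:
        ips = overrides.get(name)
        where = f"hosts file -> {', '.join(ips)}" if ips else "DNS (no local override)"
        print(f"{name:15} {where}")
```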