Validation of the required challenges - Unauthorized

IS on Windows Server 2019
Certificate request fails with :
Invalid response from []: p://
!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “”>\r\n<html xmlns=“http” Forbidden urn:ietf:params:acme:error:unauthorized

It’s easier if you share your real domain but http validation (the default validation method) requires that the machine responds on http port 80 with the challenge response. This is to prove you control the server for the given domain that you want to include on your certificate.

So that means your firewall needs to be open on tcp port 80 and http requests to need to be answered by your server running Certify The Web.

There are various reasons this can go wrong but they are all under your control. If you cannot use HTTP validation then you can alternatively use DNS validation.

If you require detailed support that is also available at support at for our licensed customers.

Here’s more of the log

2022-01-27 04:10:14.987 -05:00 [INF] Checking URL is accessible: [proxyAPI: False, timeout: 5000ms]
2022-01-27 04:10:15.176 -05:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2022-01-27 04:10:15.177 -05:00 [INF] Requesting Validation:
2022-01-27 04:10:15.217 -05:00 [INF] Attempting Challenge Response Validation for Domain:
2022-01-27 04:10:15.217 -05:00 [INF] Registering and Validating
2022-01-27 04:10:15.217 -05:00 [INF] Checking automated challenge response for Domain:
2022-01-27 04:10:16.984 -05:00 [INF] Domain validation failed:
Invalid response from []: "\r\n<html xmlns=“http” Forbidden urn:ietf:params:acme:error:unauthorized
2022-01-27 04:10:17.487 -05:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed:

Hi, I’d guess that tcp port 80 was not being forwarded to the correct server. Let’s Encrypt will check your domain from the public internet using an http request, so the port 80 traffic needs to go to the server running Certify. It looks like you’ve got that working now?