Windows Server 2012 R2 - IIS - Implementation Help

Windows firewalls are off
Certify on the web was installed with a contact registered w/ “Let’s Encrypt”

Here is the setup:
Select Site: Default Site
domain:***db2.
Authorization: defaults
Deployment: Single Site → binding hostname not specified (add or update https bindings as required)
IIS binding: Auto create/update

Request Certificate (then I get the following, new to this just trying to understand what I am doing wrong)

] [Progress] Validation failed: db2.***********.com [dns]
Response from Certificate Authority: : Fetching http://db2..com/.well-known/acme-challenge/0
******: Timeout during connect (likely firewall problem) [BadRequest :: urn:ietf:params:acme:error:connection]
2023-10-18 19:57:03.426 -05:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: **************db2.****************.com [dns]

debug tool shows: but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

I believe this server is locked down to 443; would I be better off using DNS vs. the HTTP ACME? Or am I missing something simple?

Hi Chris, I replied to your support ticket, but yes, if you want to use the default HTTP validation then you need to open port 80 (the app has its own temporary listener, so you don’t strictly need port 80 IIS bindings). HTTP Validation (http-01) | Certify The Web Docs

DNS validation is an option instead, but it’s generally a little more complex to set up and it depends if your domain DNS provider supports automation (and we support them). HTTP Validation (http-01) | Certify The Web Docs

There’s also the option of using our Certify DNS managed DNS challenge service (which can be licensed via Azure Marketplace etc). Certify DNS | Certify The Web Docs
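
A preflight probe for the port 80 requirement discussed in this thread, as an added example that is not part of the original posts or of Certify The Web. It separates a filtered port (the "Timeout during connect" case in the log above) from a reachable port with no listener; the function names and the `preflight-test` token are this example's own, and it is assumed to be run from a machine outside the server's network, since the certificate authority connects from the internet.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Guidance keyed by probe result; wording follows the thread above.
ADVICE = {
    "dns-failure": "name does not resolve; fix the DNS record first",
    "connect-timeout": "port 80 is filtered; open it inbound or use DNS validation",
    "refused": "port 80 is reachable but nothing is listening on it",
    "unreachable": "no route to the host; check the address and routing",
    "no-http-response": "TCP connected but no HTTP reply; check proxy or listener",
}

def probe_http01(host, port=80, token="preflight-test", timeout=5.0):
    """Classify how an http-01 style fetch of host:port would fail or succeed."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()  # TCP stage only, to separate firewall drops from HTTP errors
    except socket.gaierror:
        return "dns-failure"
    except socket.timeout:
        return "connect-timeout"  # the case the CA reports as "Timeout during connect"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        return "http-%d" % conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return "no-http-response"
    finally:
        conn.close()

def advise(result):
    """Turn a probe result into a next step."""
    if result.startswith("http-"):
        # Any HTTP status (even 404 for this made-up token) proves port 80 is reachable.
        return "port 80 answers HTTP (%s); the path is open for http-01" % result[5:]
    return ADVICE[result]

if __name__ == "__main__":
    # Usage: python probe.py <hostname>   (hostname supplied by the operator)
    outcome = probe_http01(sys.argv[1])
    print(outcome, "->", advise(outcome))
```

A `refused` result while no certificate request is in progress is consistent with the reply above: the app's listener is temporary, so the port can be open with nothing bound to it between requests.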