Looks like this validation is near impossible to setup in IIS as it requires exclusive access to port 443 which would bring all our sites down whenever renewing.
I will have a look at configuring DNS-01 validation which might be a better option. Thanks again for your amazing help! So much appreciated!