Http challenge cannot be completed

Hi all !

I'm having trouble with installing a certificate on my server at home.

My domain:

This domain is registered with LWS, and is redirected to a no-ip to reach a pc that acts as a server at my home.
The PC is running Windows 10 pro with IIS (v10).

My setup is as follows:
Orange internet box with ports 80 and 443 redirected to my Asus router, then to my server PC.
The IIS server is accessible from the outside, I have webservices that respond very well to mobile applications that I develop, so far so good.

Wanting to switch to https I initially used "Certify the web" directly on my no-ip and the whole process was OK. On the other hand, the passage in https was not done.

I understood that I needed a real domain name, that's why I took one from LWS and redirected it to my no-ip.

I deleted my certificate in "Certify the web" to recreate one with the new domain name.

Since then, the configuration test fails with the message "Could not verify URL is accessible:" although the "configcheck" file is created correctly.

I confess to being lost, do you have an idea please?

Thanks a lot

1 Like

Welcome to the community @Kratos

When I try that acme challenge URL I get a 404 Not Found from an nginx server. If your "configtest" file exists I should be getting its contents and not a 404.

Requests for your home page get redirected by nginx to IIS with a 200 OK.

Do you know why I am seeing nginx?

(home page)
curl -I
HTTP/1.1 301 Moved Permanently
Server: nginx

curl -I
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0

(ACME challenge test response from nginx)
curl -I
HTTP/1.1 404 Not Found
Server: nginx


Addresses: 2a00:7ee0:1:0:3:39:0:ff9


Hello Mike and rg305,

Thank you for your answers.

I don't know anything about nginx.
I guess it comes from LWS that provide my domain name, no ?

I confirm that my configcheck file is created :

But maybe the right solution would be to succeed in getting the https on my no-ip if possible?
It would simplify the system.

Your DNS for is pointing to two IP addresses as shown by rg305 post just before. One is for IPv4 and one for IPv6

A request to will go to one of those IP addresses and we must find the challenge check file there. We are not seeing that. Do you recognize either of the IP addresses for that domain?

And, yes, if you don't know what the nginx is or these IP addresses you might be better off just working with your ddns domain directly.


Supplemental information from my IPv4 only location

$ curl -Ii
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 05 Feb 2023 20:13:15 GMT
Content-Type: text/html
Connection: keep-alive
Accept-Ranges: bytes

$ nmap
Starting Nmap 7.80 ( ) at 2023-02-05 20:14 UTC
Nmap scan report for (
Host is up (0.17s latency).
Other addresses for (not scanned): 2a00:7ee0:1:0:3:39:0:ff9
Not shown: 937 filtered ports, 59 closed ports
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 7.34 seconds
1 Like

Are the IP address provided by LWS for my domain. is my IP at home

I disabled IP v6 to see if that improves the situation.
But if it doesn't work, I understand that I can use directly my ddns.

OK. They must be running some sort of redirection service for you. And, that their service is powered by nginx. Although, it is odd that they would reject the /acme-challenge URL with a 404 error and not simply redirect it.

You might want to ask LWS why they issue the 404 instead of redirecting

Still, if later you want to be using HTTPS to access you will need that nginx service to have a valid cert for that domain. If you can't control it I don't think this is workable solution.


I got some options to manage the redirection from LWS :

I tried the 3 first options, nothing changed.

Generally these kinds of redirection services don't work with HTTPS very well

It is not unique to Let's Encrypt. For example, the redirect you show sends all requests to HTTP. But, it can't handle a request for HTTPS:// without its own cert for that name.

And, as noted, I do not understand how it can issue a 404 (see my post #2). Maybe another volunteer will see something I don't but I really don't think that can work. Sometimes these services allow you update the DNS directly rather than using a redirect service. That might work. But, LWS knows their system better than we do.


You could try creating a "www" entry in the .fr domain.
Then you can CNAME that to the domain.


Yes there is something about the DNS zone, but I don't understand anything... pfff :frowning:

At the moment, there is this :

Must I replace it ?

Try removing the redirection at the .fr domain.


Yes, change the "@" to ""


OK it's done.

For now, it still doesn't work.

But guys, if you tell me that I can have https on my ddns, I will try it again and stop paying for a useless domain :slight_smile:

I think it should work.

In fact, I see you got a cert for that name (link here) so that means it can work. You just have to ensure your web server is configured properly. And, Certify usually does great for IIS so please explain what went wrong


yes I managed to have the certificate on the ddns.
The problem is that the https did not appear on my url

Can you describe that in more detail? Like, did you use a browser to try that URL and what was the message? Or, was there some other issue?


Oh, I see you have port 443 blocked probably by a firewall. Have you checked your router and any port forwarding?