This domain is registered with LWS, and is redirected to a no-ip to reach a pc that acts as a server at my home.
The PC is running Windows 10 pro with IIS (v10).
My setup is as follows:
Orange internet box with ports 80 and 443 redirected to my Asus router, then to my server PC.
The IIS server is accessible from the outside, I have webservices that respond very well to mobile applications that I develop, so far so good.
Wanting to switch to https I initially used "Certify the web" directly on my no-ip and the whole process was OK. On the other hand, the passage in https was not done.
I understood that I needed a real domain name, that's why I took one from LWS and redirected it to my no-ip.
I deleted my certificate in "Certify the web" to recreate one with the new domain name.
When I try that acme challenge URL I get a 404 Not Found from an nginx server. If your "configtest" file exists I should be getting its contents and not a 404.
Requests for your home page get redirected by nginx to IIS with a 200 OK.
Do you know why I am seeing nginx?
(home page)
curl -I kratosinferno.fr
HTTP/1.1 301 Moved Permanently
Server: nginx
Location: http://kratosinferno.ddns.net/
curl -I http://kratosinferno.ddns.net
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
(ACME challenge test response from nginx)
curl -I kratosinferno.fr/.well-known/acme-challenge/configcheck
HTTP/1.1 404 Not Found
Server: nginx
Your DNS for kratosinferno.fr is pointing to two IP addresses as shown by rg305 post just before. One is for IPv4 and one for IPv6
A request to http://kratosinferno.fr/... will go to one of those IP addresses and we must find the challenge check file there. We are not seeing that. Do you recognize either of the IP addresses for that domain?
And, yes, if you don't know what the nginx is or these IP addresses you might be better off just working with your ddns domain directly.
Supplemental information from my IPv4 only location
$ curl -Ii http://kratosinferno.fr/.well-known/acme-challenge/configcheck
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 05 Feb 2023 20:13:15 GMT
Content-Type: text/html
Connection: keep-alive
Accept-Ranges: bytes
$ nmap kratosinferno.fr
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-05 20:14 UTC
Nmap scan report for kratosinferno.fr (91.216.107.49)
Host is up (0.17s latency).
Other addresses for kratosinferno.fr (not scanned): 2a00:7ee0:1:0:3:39:0:ff9
Not shown: 937 filtered ports, 59 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 7.34 seconds
OK. They must be running some sort of redirection service for you. And, that their service is powered by nginx. Although, it is odd that they would reject the /acme-challenge URL with a 404 error and not simply redirect it.
You might want to ask LWS why they issue the 404 instead of redirecting
Still, if later you want to be using HTTPS to access kratosinferno.fr you will need that nginx service to have a valid cert for that domain. If you can't control it I don't think this is workable solution.
Generally these kinds of redirection services don't work with HTTPS very well
It is not unique to Let's Encrypt. For example, the redirect you show sends all requests to HTTP. But, it can't handle a request for HTTPS://kratosinferno.fr without its own cert for that name.
And, as noted, I do not understand how it can issue a 404 (see my post #2). Maybe another volunteer will see something I don't but I really don't think that can work. Sometimes these services allow you update the DNS directly rather than using a redirect service. That might work. But, LWS knows their system better than we do.
In fact, I see you got a cert for that name (link here) so that means it can work. You just have to ensure your web server is configured properly. And, Certify usually does great for IIS so please explain what went wrong