Http challenge cannot be completed

Where this is what I am presently seeing (IPv4 only)

$ nmap
Starting Nmap 7.80 ( ) at 2023-02-05 22:19 UTC
Nmap scan report for (
Host is up (0.16s latency).
Not shown: 938 filtered ports, 58 closed ports
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 8.53 seconds
1 Like

They are now using the ddns domain Bruce


Yes I used Chrome to go to the url and I had this :

Yes, Chrome found the HTTP site because you have port 443 blocked and it could not find the HTTPS site. You need to get port 443 working

nmap -Pn -p80,443
rDNS record for
80/tcp  open     http
443/tcp filtered https

as mentioned in my first post, ports 80 and 443 are redirected to my server.

You might think that is true but it is not :slight_smile:


curl -I -m7
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0

curl -I -m7
curl: (28) Connection timed out after 7001 milliseconds

First, in my modem :

And in my router :

My bad. :frowning:


Yes, that looks OK as does your router.

Maybe you have something else blocking port 443. Or, maybe the router has a firewall setting that needs adjusting? Or, maybe the router is using port 443 for its own purposes? Or maybe just restart the router?

In any case, this is just a comms config or possible server config problem. Once that is resolved HTTPS and the cert should work fine.

There is nothing I see that would be "fixed" by using a different domain name


@Kratos You might also try posting on the Certify the Web forum. Chris (webprofusion), the author of Certify, often checks in here but you might get quicker response there.

Even refer to this thread showing we checked out the basics but it might be something unique to Windows. I don't know IIS very well and perhaps it's some port or binding issue.


I configured the certificate on the ddns, this part is OK.
When I try to reach : IIS answer correctly.
But httpS:// doesn't answer at all.
I checked the firewall in my router but I didn't see anything that can block it.

I agree. I don't see anything yet but something very definitely is. See my post just prior to yours. We cross-posted. I'm pretty sure at Certify they'll find it quick.


It's ok it works !
In IIS, the link to https was not present

I added it and now I got https on my ddns :slight_smile:

Thanks a lot for your time all, your help is really appreciated !


Just as a follow up, if you define your IIS http binding with a hostname then Certify can automatically create that corresponding https binding (which should be SNI, just in case you haven't set that).

If instead you manually enter domains into the app it will add them to the certificate, but it doesn't know which IIS site to apply the binding for without a matching hostname (some users have many thousands of websites on the same server). You can see what Certify plans to do for your next renewal on the Preview tab, which should now show the planned update to the https binding under the Deployment section (scroll down to see that).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.