I don't think you've provided enough information for anyone to even take a normal guess.
At this point, it would be a wild guess on my part.
If you could please provide more details.
Starting with: Answering the questions that are provided to all "Help" topics.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
And in addition...
Since you showed the error message "`Invalid domain`", the FQDN shown in that error message.
Since you mentioned "proxy", the proxy settings [as they relate to the FQDN involved].
Since you mentioned ports being forwarded, those firewall NAT settings as well.
Sending an ACME HTTP validation request to canyouseeme.org results in an unacceptable redirect. This is most likely a misconfiguration of your web server or your web application.
It appears that a redirect was generated by your web server that is missing a trailing slash after your domain name: https://canyouseeme.org.well-known/acme-challenge/letsdebug-test. Check your web server configuration and .htaccess for Redirect/RedirectMatch/RewriteRule.
@0ms: Making a request to http://canyouseeme.org/.well-known/acme-challenge/letsdebug-test (using initial IP 220.127.116.11)
@0ms: Dialing 18.104.22.168
@14ms: Server response: HTTP 302 Found
@14ms: Received redirect to https://canyouseeme.org.well-known/acme-challenge/letsdebug-test
A test authorization for canyouseeme.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
22.214.171.124: Fetching https://canyouseeme.org.well-known/acme-challenge/OLLFrrd9-QZAq1u2dNwJMGYG6kzwm0LXVX-DnFeqv64: Invalid host in redirect target "canyouseeme.org.well-known". Check webserver config for missing '/' in redirect target.