Ssl on iis 10 and exchange 2019

My domain is:
mail.gazelkin.ru
I ran this command:

wacs.exe --target manual --host mail.gazelkin.ru,exc.gazelkin.ru,autodiscover.gazelkin.ru --store centralssl --centralsslstore “C:\Central SSL” --installation iis,script --installationsiteid 1 --script “./Scripts/ImportExchange.ps1” --scriptparameters “’{CertThumbprint}’ ‘IIS,SMTP,IMAP’ 1 ‘{CacheFile}’ ‘{CachePassword}’ ‘{CertFriendlyName}’”

It produced this output:

A simple Windows ACMEv2 client (WACS)
Software version 2.1.10.896 (RELEASE, PLUGGABLE)
ACME server https://acme-v02.api.letsencrypt.org/
IIS version 10.0
Running with administrator credentials
Scheduled task is disabled
Scheduled task exists but does not look healthy
Please report issues at https://github.com/win-acme/win-acme
Running in mode: Unattended
Target generated using plugin Manual: mail.gazelkin.ru and 2 alternatives
Unable to decrypt configuration value, may have been written by a different machine.
Overwriting previously created renewal

[exc.gazelkin.ru] Authorizing…
[exc.gazelkin.ru] Authorizing using http-01 validation (SelfHosting)
[exc.gazelkin.ru] Authorization result: invalid
[exc.gazelkin.ru] {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from https://exc.gazelkin.ru/.well-known/acme-challenge/_ncbQ8TX5xtW38Y_AD_GXmV4fuo9RnJBDXHneVwaRkw [77.243.83.103]: 404”,
“status”: 403
}
Create certificate failed: [exc.gazelkin.ru] Validation failed

My web server is (include version):
IIS 10
The operating system my web server runs on is (include version):
Windows 2019

Exchange 2019

I created the file manually and it is available https://exc.gazelkin.ru/.well-known/acme-challenge/va

whats wrong?

Are you using the manual target because you’re load balancing? If not it’s generally it’s better to let the app do all the work for validation.