Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: xceed.be
I'm using challenge:C:\HCL\Domino\data\domino\html.well-known\acme-challenge\PUHiHjNS9KKylgghcH3OJcWnG8EUCB18cuMplVg6DnY
It produced this output: Order's status ("invalid") is not acceptable for finalization
My web server is (include version): HCL Domino V11.0.1FP1
The operating system my web server runs on is (include version): Windows Server 2016
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
This doesn't make sense if you didn't allow any connection to port 80. If your clients are initiating connection from their end, they (as well as Let's Encrypt) will always try to connect to port 80 (http) first.
My test showed that your port 80 is filtered, and port 443 is actively listening to connection.
So if you wish to use HTTP-01 authorization, please allow traffic/connection to port 80. You can then make a blanketed redirect to https then.