With http validation (the default) the machine running Certify The Web needs to be the same machine that's responding to the Let's Encrypt http validation (so that the app can provider the http validation response).
What is 177.23.139.162 - is it your server, a firewall, a router etc?
Your Unifi guide is cool, but it used DNS validation and you're currently trying to use http validation instead (did you mean to use DNS validation instead?).
Regarding your guide, the extra steps to convert the pfx into a format that unifi likes are probably not entirely necessary, you most likely just need to set a password on the default pfx the app produces (Certificate > Advanced > Signing & Security), you may also want to set the "preferred chain" to ISRG Root X under Certificate > Advanced > Certificate Authority so that your PFX contains the correct chain).
By "client" do you mean this works with another "ACME Client" or a different customer?
When you perform http validation using Certify The Web by default it starts up it's own http challenge listener on port 80, sitting in front of IIS (this does not work if you are using a different webserver such as Apache or nginx because these do not support port sharing).
Great, so http://redacted.ddns.net/.well-known/acme-challenge/configcheck is a url that becomes active during Test.
You can try this URL on your phone using your mobile data (so that you're accessing from an external network, not corporate WiFi etc).
Normally this will return a 404 or other page not found type result, but during Test it will resolve to 'OK'.
If during 'Test' it still does not resolve to OK then it would appear that port 80 is being forwarded to the wrong server [http via port 80 must reach your machine running Certify The Web, nothing else]. Once you have this resolving to OK during test from the public internet, http challenges will work.
SOLVED!
It was an NVR that had port 80 enabled and strangely "walked over" the router. I changed his port to 8001 and it solved!
You can lock the topic. Note: I know this can help other people, but wouldn't it be interesting to delete the address of the posts above or mask it to avoid problems for my costumer?
Now that the problem is solved, I edited the posts to change the subdomain to the word "redacted". I hope that's helpful.
(For future posters, providing the real hostname is very helpful for debugging, because people on the forum will run live tests on your domain in order to diagnose problems for you. If you don't provide the real domain name initially, they won't be able to do so.)