Validation Failed on SAN cert for Exchange 2016

I am using win-acme to generate a SAN cert for Exchange and I am receiving the validation error below. I made sure ports 80 and 443 were open and forwarded on my firewall.
How do I go about performing DNS validation of this?

A simple Windows ACMEv2 client (WACS)
Software version (release, trimmed, standalone, 64-bit)
Connecting to
Scheduled task not configured yet
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)
Running in mode: Unattended
Source generated using plugin Manual: mail.*****.com and 1 alternatives

Cached order has status invalid, discarding
[] Authorizing...
.com] Authorizing using http-01 validation (SelfHosting)
[] Authorization result: pending
Create certificate failed: [owa.
.com] Validation failed
- No certificate generated

Before you switch to DNS validation it's worth understanding why your https validation is not working. DNS validation can be just a little more complicated than http validation and I don't know what providers win-acme supports (I develop - which is an alternative).

You may need to run your renewal in some sort of verbose/debug mode but if port 80 is definitely being forwarded to the correct server (this one) and there is nothing blocking/consuming port 80 it should just work. The most common reasons are port 80 is no longer open in Windows Firewall, or at the VM/cloud level, or the machine just needs a restart.

I'd also normally expect a slightly more detailed error message when validation fails.


Thanks for your help. I moved on to a different DNS provider and am trying to use the API from Cloudflare and ACMEv2 (Cloudflare plugin).
Do I have to create any DNS records in Cloudflare? How can I get this to work please?
Any help would be greatly appreciated!
Thank You

Cached order has status pending, discarding
[] Authorizing...
[] Authorizing using dns-01 validation (Cloudflare)
Unable to find or contact authoritative name servers for Query 14704 => com IN NS on timed out or is a transient error.
[] Error preparing for challenge answer
Create certificate failed: [] Error preparing for challenge answer
- No certificate generated


The ACME CloudFlare DNS plugin (with proper API creds) should do all that work for you.


Do you have a firewall blocking outgoing connections? It's failing to query Google DNS servers to check your DNS record.
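
One way to test the outbound-DNS theory from the reply above, run on the Exchange server itself (an added example, not part of the thread and not win-acme's own code). Assumptions: `example.com` is a placeholder for the redacted domain, and 8.8.8.8 / 8.8.4.4 (Google Public DNS) are chosen as the resolvers to test because the reply names Google DNS.

```powershell
# Added example: checks whether this host can send DNS queries out to public
# resolvers over UDP and TCP, using the same kind of lookups a dns-01 preflight
# needs (NS for the TLD and zone, TXT for the challenge name).
param(
    [string]$Zone = 'example.com',                      # placeholder domain (assumption)
    [string[]]$Resolvers = @('8.8.8.8', '8.8.4.4')      # Google Public DNS (assumption)
)

function Test-DnsQuery {
    param([string]$Name, [string]$Type, [string]$Server, [switch]$Tcp)
    $transport = if ($Tcp) { 'TCP' } else { 'UDP' }
    # -DnsOnly skips LLMNR/NetBIOS so only real DNS traffic is tested.
    $splat = @{ Name = $Name; Type = $Type; Server = $Server; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Tcp) { $splat.TcpOnly = $true }
    try {
        $answer = Resolve-DnsName @splat
        $result = 'ANSWERED'
        $detail = "$(@($answer).Count) record(s)"
    } catch {
        # A name-not-found error still means the resolver replied; a timeout
        # means the query never got an answer (blocked or dropped on the way).
        $result = 'ERROR'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Server = $Server; Transport = $transport
        Query  = "$Name $Type"; Result = $result; Detail = $detail
    }
}

# Trailing dots make the names fully qualified so no search suffix is appended.
$queries = @(
    @{ Name = 'com.';                   Type = 'NS'  },  # the query that timed out in the log
    @{ Name = "$Zone.";                 Type = 'NS'  },
    @{ Name = "_acme-challenge.$Zone."; Type = 'TXT' }
)

$results = foreach ($server in $Resolvers) {
    foreach ($q in $queries) {
        Test-DnsQuery -Name $q.Name -Type $q.Type -Server $server
        Test-DnsQuery -Name $q.Name -Type $q.Type -Server $server -Tcp
    }
}
$results | Format-Table -AutoSize
```

If every row for a resolver times out, outbound port 53 is being filtered between the server and the internet; if only the `_acme-challenge` TXT row reports that the name does not exist, outbound DNS is working and the record simply has not been created yet.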

