Validation Failed on SAN cert for Exchange 2016

Using win-Acme to generate SAN cert for Exchange and I am receiving validation error below. I made sure the ports 80 and 443 were open and forwarded on my firewall.
How do I go about performing DNS validation of this?

A simple Windows ACMEv2 client (WACS)
Software version (release, trimmed, standalone, 64-bit)
Connecting to
Scheduled task not configured yet
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)
Running in mode: Unattended
Source generated using plugin Manual: mail.*****.com and 1 alternatives

Cached order has status invalid, discarding
[] Authorizing...
.com] Authorizing using http-01 validation (SelfHosting)
[] Authorization result: pending
Create certificate failed: [owa.
.com] Validation failed
- No certificate generated

Before you switch to DNS validation it's worth understanding why your https validation is not working. DNS validation can be just a little more complicated than http validation and I don't know what providers win-acme supports (I develop - which is an alternative).

You may need to run your renewal in some sort of verbose/debug mode but if port 80 is definitely being forwarded to the correct server (this one) and there is nothing blocking/consuming port 80 it should just work. The most common reasons are port 80 is no longer open in Windows Firewall, or at the VM/cloud level, or the machine just needs a restart.

I'd also normally expect a slightly more detailed error message when validation fails.


thanks for your help. I moved on to a different DNS provider and trying to use API from Cloudflare and Acmv2 (cloudflare plugin)
Do I have to create any DNS records in Cloudflare? How can I get this to work please?
Any help would be greatly appreciated!
Thank You

Cached order has status pending, discarding
[] Authorizing...
[] Authorizing using dns-01 validation (Cloudflare)
Unable to find or contact authoritative name servers for Query 14704 => com IN NS on timed out or is a transient error.
[] Error preparing for challenge answer
Create certificate failed: [] Error preparing for challenge answer
- No certificate generated


The ACME CloudFlare DNS plugin (with proper API creds) should do all that work for you.


Do you have a firewall blocking outgoing connections? It's failing to query google dns servers to check your dns record.