Certificate request fails with secondary validation time out. I can see in the web server protection log viewer that the well known url is being requested with the unique value. I also briefly see that the temporary waf rule is created. Only thing to note is that the firewall is behind a router (DNAT in place and as mentioned i see the url being hit in the logs and the cert makes it to secondary validation unlike when there was no DNAT) and this is a bridged setup so no dedicated wan/lan.