From 8f7dd7ce24a8fbb4c0fc027ec88553353610370b Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Wed, 29 Apr 2026 11:12:06 +0200
Subject: [PATCH] inform user about common causes

---
 src/acme.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/acme.rs b/src/acme.rs
index 92624c8..55a7f7a 100644
--- a/src/acme.rs
+++ b/src/acme.rs
@@ -7,7 +7,7 @@ use anyhow::{Context, anyhow};
 use axum::{Router, extract::Path, routing::get};
 use instant_acme::{
     Account, AccountCredentials, ChallengeType, Identifier, LetsEncrypt, NewAccount, NewOrder,
-    RetryPolicy,
+    OrderStatus, RetryPolicy,
 };
 use serde::Deserialize;
 use tokio::{
@@ -291,6 +291,13 @@ pub async fn run_acme_http01(
     }
 
     let status = validation_result?;
+    if status == OrderStatus::Invalid {
+        return Err(anyhow!(
+            "Domain validation failed. The ACME server could not verify ownership of '{domain}'. \
+             Common causes: DNS not pointing to this server, a firewall blocking port 80, \
+             or the wrong domain name was used. Please fix the issue and try again."
+        ));
+    }
     info!("Domain validation complete, order status: {status:?}");
 
     // Domain validated; finalizing order and retrieving the certificate.