Unable to use acme.sh with tls-alpn-01 to renew or issue a certificate

Question

According to the official ACME.SH documentation link, issuing a certificate is as simple as running the following command:

$ acme.sh --issue --alpn -d example.com

However, I am getting the following error

Error, can not get domain token entry example.com for `tls-alpn-01`
The supported validation types are `http-01` `dns-01` , but you specified: `tls-alpn-01`

I have tried switching from the default ZeroSSL.com to BuyPass.com, but that does not help. It seems that these providers do not allow tls-alpn-01 validation method, but it could be related to something that I am missing.

PS: To preemptively answer some questions:

1. I have a valid domain that I replaced with "example.com"
2. The site is functional on a 443 port, but port 80 is blocked by ISP, hence tls-alpn-01
3. I am stopping Nginx, and then checking with netstat that port 443 is not bound to a service.
4. When I run the script with --debug 2 parameter, I get the following value for _authorizations_map variable

_authorizations_map='example.com,{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2021-08-18T22:53:50Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/wYehJ8kQjUDiDadBJ12qKw", "status":"pending","token":"Sfga2N2KwV-2hg3wo1gYAoyFvqV87dRvG2sHw4I6ups"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/CkrMQdEJthf-TmWvllW-Bg", "status":"pending","token":"_AlgMGzIfSQs7673Su-njnpieba_zLpSYxiUdXDEFnz"}]}'

Answer 1

Same problem, I switched from ZeroSSL to Let's encrypt CA and now it works without problems.

https://community.letsencrypt.org/t/the-acme-sh-will-change-default-ca-to-zerossl-on-august-1st-2021/144052

Edit: oops, sorry. To tell acme.sh to use Let's encrypt CA use:

acme.sh --set-default-ca --server letsencrypt and then try to issue again the certificate in tls-alpn-01 mode