Cannot renew certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
creativequest.site
I ran this command:
certbot -v --apache
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.

1: creativequest.site

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for creativequest.site
Performing the following challenges:
http-01 challenge for creativequest.site
Waiting for verification...
Challenge failed for domain creativequest.site
http-01 challenge for creativequest.site

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: creativequest.site
Type: connection
Detail: 82.112.240.88: Fetching http://creativequest.site/.well-known/acme-challenge/pltNMVvqlETr4jbgdw134kRgdsOAvvCB9V8bZsTY-dE: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Apache 2.4.52
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
Hostinger
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.11.0

Hi @shamsuddin82, and welcome to the LE community forum

Is there any Geo-Blocking?
OR
Have you made any firewall changes since that message?

I'm able to reach the site via HTTP:

curl -Ii4 creativequest.site/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 302 Found
Date: Mon, 21 Oct 2024 11:50:06 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: https://creativequest.site:443/.well-known/acme-challenge/Test_File-1234
Content-Type: text/html; charset=iso-8859-1

[the redirect seems unnecessary (for the challenge requests)]

Please show:
sudo apachectl -t -D DUMP_VHOSTS

also: you might want to add the "www" to the site/cert request

Name:    creativequest.site
Address: 82.112.240.88
Aliases: www.creativequest.site

Please show:
sudo apachectl -t -D DUMP_VHOSTS

root@cyber:~# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 creativequest.site (/etc/apache2/sites-enabled/openproject.conf:4)
*:443 is a NameVirtualHost
default server creativequest.site (/etc/apache2/sites-enabled/openproject-le-ssl.conf:2)
port 443 namevhost creativequest.site (/etc/apache2/sites-enabled/openproject-le-ssl.conf:2)
port 443 namevhost creativequest.site (/etc/apache2/sites-enabled/openproject.conf:10)

also: you might want to add the "www " to the site/cert request

How do I do that?

Let's see this file:

ServerAlias

I don't know how but the certificate is renewed now without error. Thanks