I can't connect to that IP address on any port. It seems to belong to WC Tel (West Carolina Tel), but I can't find anything about carrier grade NAT for that ISP. Also whois 164.153.58.248 doesn't tell me much either.
Besides the curl OpenDNS command, how did you find your external IP address? To know for sure, you should check the WAN IP address of the modem which is connected to whatever connection WCTel is providing to your home.
I think it's the cert, as the picture above notes, "The website does not supply ownership information."
I'm going to take my server over to my daughter's house tomorrow. She has Vyve broadband, which I had before when my certs worked. Delete the cert, then run:
"sudo certbot --apache" and see if it creates one. I'll update this thread after doing so.
Why would you delete the certificate, for goodness' sake? There are better ways to check the connectivity, no reason to delete a perfectly fine certificate!
Also, the notion "The website does not supply ownership information" is expected from a DV certificate, as it's not an OV certificate. So no issue there: it's not an error of any kind. That's perfectly fine.
Because I am currently trying the DNS01 challenge and it doesn't seem to work. I'll remove the TXT record from the DNS management on GoDaddy and just create a regular cert the way I know works...
So you've managed to get a certificate using the dns-01 challenge successfully? (Four of them apparently...) Why would that lead to your conclusion "and it doesn't seem to work"? Problems with your network connectivity, either being CG-NAT or something much simpler such as missing NAT portmaps in your CPE, would not have been magically fixed by getting a cert using the dns-01 challenge. (Unless your ISP would be blocking port 80, but allowing port 443, but we probably would have seen that earlier already.)
So I fail to see the relationship between those conclusions you seem to have. And thus I don't see why removing a perfectly fine cert would help your connectivity issue? Nor debugging it. You can use the staging server with a different --cert-name to debug the http-01 challenge without deleting the already issued certificate(s).
You're right. I'm probably grasping at straws. My server and certs worked fine while on Vyve. I moved to where I am on Wctel, where it doesn't work. When I tried to get a new cert, the certbot info said no A or AAAA record. I searched Google and some suggested getting a domain, so I bought one. Before that I was just using duckdns, which worked fine for me. After buying the domain it still didn't work, so I then started this thread. One of the options was to try using the DNS01 challenge. It's not working, so it probably won't due to the CGNAT of Wctel. I'm not going to bother them because I'll be moving in a couple of weeks to another place that also has Wctel and I'll work with them from that location.
I don't mean to ruffle any feathers. Just doing my best to figure it out. 1st time certs not working, so I have no background in troubleshooting or making it work...
But that's the incorrect conclusion. Or perhaps I don't understand you correctly. Because it's not the certificate that isn't working: once you've issued one using the dns-01 challenge (which could be automated by the way, possibly giving you a nice wildcard cert if you're interested), that issued cert is just fine. It's your connectivity that's at fault. And no certificate can fix that.
I assume you've checked for NAT portmapping on your own Wctel device? It looks like CG-NAT, but I haven't found definitive proof.
I'll hook up my server to my daughter's network tomorrow and see if it just all works without deleting the cert or trying to make a new one. I'll update the thread at that time. Thanks...
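
The check suggested earlier in the thread (compare the WAN IP shown on the modem with the externally observed address) can be scripted. This is an added example, not part of any post above; the function name, verdict labels and every sample address except 164.153.58.248 are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: the modem sits behind another NAT device
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "direct": "WAN IP is the public IP: port forwards on the modem can work, "
              "so check the 80/443 port maps and the server firewall.",
    "cgnat": "WAN IP is in 100.64.0.0/10: the ISP translates again upstream, "
             "so inbound 80/443 never reaches the modem.",
    "private-upstream": "WAN IP is RFC 1918: another router or ISP NAT sits in "
                        "front and needs its own port forward, if you control it.",
    "mismatch": "WAN IP is public but differs from the observed address: "
                "ask the ISP how traffic is routed before blaming the server.",
}

def classify_wan(wan_ip: str, external_ip: str) -> str:
    """Compare the modem's WAN address with the address seen from outside."""
    wan = ipaddress.ip_address(wan_ip)        # raises ValueError on bad input
    ext = ipaddress.ip_address(external_ip)
    if wan == ext:
        return "direct"
    if wan in CGNAT_SHARED:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "private-upstream"
    return "mismatch"

if __name__ == "__main__":
    external = "164.153.58.248"               # address discussed in the thread
    # Constructed WAN values a modem status page might show
    for wan in ("164.153.58.248", "100.72.14.9", "192.168.1.2", "203.0.113.7"):
        verdict = classify_wan(wan, external)
        print(f"{wan:>16} -> {verdict}: {ADVICE[verdict]}")
```

In the "cgnat" and "private-upstream" cases an http-01 validation cannot reach the server, while dns-01 still works because it needs no inbound connection.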