Can't renew the certificate using certbot. Does not write the challenge files

My domain is:
ai.sarmadzhiev.com

I ran these commands (they used to work):
sudo certbot renew
sudo certbot renew -w /path_to_workfolder

and all the other options: stopping the server, using standalone, etc.

It produced this output:

(base) nikolaymini@Nikolays-Mac-mini httpd % sudo certbot certonly --http-01-address 192.168.3.210 --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): ai.sarmadzhiev.com
Renewing an existing certificate for ai.sarmadzhiev.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: ai.sarmadzhiev.com
Type: connection
Detail: 73.71.171.246: Fetching http://ai.sarmadzhiev.com/.well-known/acme-challenge/5s6SEOuOHCUiLMCLCW_I0JBNyswLP2Fw4iIWoVYNOIw: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on 192.168.3.210:80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
my os is MacOS 15.6.1
I have apache2 running only for this renew. Installed via homebrew

this works:
http://ai.sarmadzhiev.com/.well-known/acme-chellenge/test1.txt

The version of my client is:
Certbot: 5.2.2

CURL commands:
curl -i6 http://ai.sarmadzhiev.com

HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 22:07:50 GMT
Server: Apache/2.4.63 (Unix) OpenSSL/3.6.0
Last-Modified: Fri, 28 Feb 2025 17:54:26 GMT
ETag: "39-62f377f513880"
Accept-Ranges: bytes
Content-Length: 57
Content-Type: text/html

AI Sarmadzhiev Server

=========
(base) nikolaymini@Nikolays-Mac-mini httpd % echo | openssl s_client -6 -connect ai.sarmadzhiev.com:443 | head -20
Connecting to ::ffff:73.71.171.246
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E6
verify return:1
depth=0 CN=ai.sarmadzhiev.com
verify error:num=10:certificate has expired
notAfter=Oct 20 19:54:02 2025 GMT
verify return:1
depth=0 CN=ai.sarmadzhiev.com
notAfter=Oct 20 19:54:02 2025 GMT
verify return:1
DONE
CONNECTED(00000005)
Certificate chain
0 s:CN=ai.sarmadzhiev.com
i:C=US, O=Let's Encrypt, CN=E6

1 Like

Welcome @nikolayds

That isn't working from the public internet. I tried an HTTPS (port 443) request and that connected (although I saw an expired cert). But HTTP (port 80) requests are blocked, probably by a firewall, although it could be bad network routing, port forwarding or similar on your end.

See: Check website performance and response : Check host - online website monitoring

3 Likes

Thx, sorry - I had to reload my router rules table. Strange, it was showing everything ok and when in corporate VPN the resolution worked.

2 Likes
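
An added example, not part of the thread and not Certbot's own code: a Python probe that separates the TCP outcomes behind the diagnosis above (port 443 connects while port 80 times out). It assumes it is run from a host outside the LAN, because a check from inside the network or over a VPN can succeed while the CA's request is dropped; the function names `probe`, `interpret` and `diagnose` are illustrative.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"      # SYN silently dropped: firewall, router rule, NAT forward
    except ConnectionRefusedError:
        return "refused"      # path is open, but nothing listens on the port
    except OSError:
        return "error"        # DNS failure, no route, etc.


def interpret(http_state, https_state):
    """Turn the port 80 / port 443 states into an HTTP-01 troubleshooting hint."""
    if http_state == "open":
        return "port 80 reachable from here; HTTP-01 should be able to connect"
    if http_state == "timeout" and https_state == "open":
        # The situation in this thread: host and DNS are fine, only port 80 is dropped.
        return "host is up but port 80 is filtered; check firewall and port-forward rules"
    if http_state == "timeout":
        return "port 80 filtered or host unreachable; check routing, DNS and firewall"
    if http_state == "refused":
        return "port 80 not filtered but no listener; start the web server or standalone"
    return "could not test port 80; check DNS resolution and routing"


def diagnose(host, http_port=80, https_port=443, timeout=3.0):
    """Probe both ports and return (states, hint)."""
    states = {p: probe(host, p, timeout) for p in (http_port, https_port)}
    return states, interpret(states[http_port], states[https_port])


if __name__ == "__main__":
    # Usage: python3 probe.py <your-domain>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <hostname>")
    states, hint = diagnose(sys.argv[1])
    for port, state in states.items():
        print(f"{sys.argv[1]}:{port} -> {state}")
    print(hint)
```
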