The HTTP Challenge to your domain from the Let's Encrypt servers is being redirected incorrectly. For example:
curl -I http://californiaregionalcollaborative.org/.well-known/acme-challenge/ChallengeToken123
HTTP/1.1 301 Moved Permanently
Date: Thu, 13 Oct 2022 02:43:36 GMT
Server: Apache
Location: http://lsc-acme-cntrl.lsnet.ucla.edu/.well-known/acme-challenge/
You redirect it to the ucla.edu domain. Which is fine. But, the challenge token value is lost.