Certbot configuration failure for subdomain on AWS EC2

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: youthministry.rccghopmn.org

I ran this command: sudo certbot --nginx

It produced this output:
ubuntu@ip-172-31-85-195:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.

1: youthministry.rccghopmn.org
2: www.youthministry.rccghopmn.org

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for youthministry.rccghopmn.org and www.youthministry.rccghopmn.org

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.youthministry.rccghopmn.org
Type: unauthorized
Detail: 192.185.21.16: Invalid response from http://www.youthministry.rccghopmn.org/.well-known/acme-challenge/urqTQaLs4JZeZLQNyCJfUIC2Du6hteQ4ULVEbjt_DX0: 404

Domain: youthministry.rccghopmn.org
Type: unauthorized
Detail: 192.185.21.16: Invalid response from http://youthministry.rccghopmn.org/.well-known/acme-challenge/q3YBhpVs3DJxfex0kDLhS7lTNQOyS5OukglHvBGICAo: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginix

The operating system my web server runs on is (include version): Ubuntu 24.04.2 LTS

My hosting provider, if applicable, is: HostGator/AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot --version

Description of issue:
I am trying to configure SSL/TSL for a subdomain. The subdomain runs on an AWS EC2 instance while the main domain runs on web hosting with Hostgator. I changed the A record of the main domain with the domain registrar, Hostgator.com to point to the public ip address of the AWS server (EC2 instance) which runs the web app served at the subdomain.

The IP address in the error message seems to resolve to Hostgator.

I will appreciate any help/useful suggestions.
Thanks.

It appears that your DNS server has both 44.213.208.20 and 192.185.21.16 as the address of youthministry.rccghopmn.org, you will need to delete the A record for 192.185.21.16.

Edit: I'm unfamiliar with Hostgator, however the record might show as an ALIAS record when editing the DNS entries or you might need to stop Hostgator web hosting for the subdomain.

The Certbot --nginx option will only get a cert for the domain handled by the nginx running on the same machine as Certbot.

You need to update your DNS as noted by @MaxHearnden. But then also do not request a cert that includes the name on the other system.