rana@rana:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
1: tukka.online
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for tukka.online
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: tukka.online
Type: dns
Detail: no valid A records found for tukka.online; no valid AAAA records found for tukka.online
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Update you DNS to use a public IP like @rg305 indicated in the previous reply.
See these test results for more information.
If the host where you are running certbot is not accessible from the public internet, you won't be able to obtain a certificate using the method you have selected.
If you cannot make that site available from the internet, you will need to use the DNS-01 challenge instead.
If to secure a public website, then you'll need to change the IP so the public can reach your site.
If to secure a private website, then why use a public cert that expires every 90 days?
[instead, you could use a self-signed cert that can expire whenever you like]
Although the IP has changed:
Name: tukka.online
Address: 192.168.2.64
It is still non-routable.
See: RFC-1918
[TLDR; You can't use IPs from 192.168.0.0/16 over the Internet]