Certbot issues on NetBSD8 w/apache vhost

My domain is: www.flyinghorsetraining.com

I ran this command:
certbot --apache --apache-server-root /usr/pkg/etc/httpd --apache-ctl /usr/pkg/sbin/apachectl -d www.flyinghorsetraining.com -d flyinghorsetraining.com

It produced this output:

certbot --apache --apache-server-root /usr/pkg/etc/httpd --apache-ctl /usr/pkg/sbin/apachectl -d www.flyinghorsetraining.com -d flyinghorsetraining.com
Saving debug log to /var/letsencrypt/log/letsencrypt.log
ssl_module is statically linked but --apache-bin is missing; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for www.flyinghorsetraining.com and flyinghorsetraining.com
Performing the following challenges:
http-01 challenge for flyinghorsetraining.com
http-01 challenge for www.flyinghorsetraining.com
Cleaning up challenges
**Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.**

My web server is (include version):

# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   flyinghorsetraining.com (/usr/pkg/etc/httpd/flyinghorsetraining.com.conf:22)
# apachectl -v
Server version: Apache/2.4.46 (Unix)
Server built:   Dec  8 2020 16:26:56

The operating system my web server runs on is (include version): NetBSD 8_Stable

My hosting provider, if applicable, is: Self hosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site : no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

# certbot --version
certbot 1.10.1

My website is reachable on port 80.
I've fought through quite a few issues over last couple of days, but stuck at the moment...

Here is my vhost config:

<VirtualHost *:80>
    ServerAdmin webmaster@flyinghorsetraining.com
    DocumentRoot "/sambashare/www.flyinghorsetraining.com"

#Everyone can see root directory
    <Directory "/sambashare/www.flyinghorsetraining.com">
      Options -Indexes -FollowSymLinks
      Require all granted

#wp-admin require web credentials (apache/httpass)
    <Directory "/sambashare/www.flyinghorsetraining.com/wp-admin">
       Options Indexes
       DirectoryIndex index.php index.html
       AllowOverride None
       AuthType Basic
       AuthName "FHT_Restricted"
       AuthBasicProvider file
       AuthUserFile /usr/pkg/etc/httpd/httpassword
       Require user fhtwww

    ServerName flyinghorsetraining.com
    ServerAlias www.flyinghorsetraining.com
    DirectoryIndex index.php
    ErrorLog "/var/log/httpd/www.flyinghorsetraining.com-error_log"
    CustomLog "/var/log/httpd/www.flyinghorsetraining.com-access_log" common
    <FilesMatch \.php$>
        SetHandler application/x-httpd-php

Do you require the apache plugin or can you use the webroot plugin? Would make everything a lot easier I think. It would require you to manually install the certificate into Apache tho.

No, I suppose I can try webroot...

And I do get success with this! So on to manual install...

thank you!

I don't see why not. See the webroot documentation for more info.

You are asking for two names, but only one is being served:

You need to add a ServerAlias for the www.

I see it in your posted code...
You did not provide the full output of: apachectl -t -D DUMP_VHOSTS
There is another config file in use.

I would try removing the IP form the ServerAlias.