I ran this command: certbot certonly --standalone -d 216.bz
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for 216.bz
Performing the following challenges:
http-01 challenge for 216.bz
Waiting for verification...
Challenge failed for domain 216.bz
http-01 challenge for 216.bz
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: 216.bz
Type: dns
Detail: DNS problem: SERVFAIL looking up A for 216.bz - the
domain's nameservers may be malfunctioning; DNS problem: SERVFAIL
looking up AAAA for 216.bz - the domain's nameservers may be
malfunctioning
You need a working HTTP site before you can secure it using HTTP-01 authentication.
The first step to anything/everything on the Internet is DNS.
Start fixing this problem there [within you DNS zone].
In case you are not DNS tech savvy... 216.bz | DNSViz
shows the A record as being "bogus".
Find the authoritative DNS server for that TLD: nslookup -q=ns bz.
Ask anyone of those DNS server where to find your domain: nslookup 216.bz 199.254.59.1
Ask anyone of those listed DNS servers what are the authoritative DNS servers for your domain: nslookup -q=ns 216.bz ns1.digitalocean.com
The reply must be the same set of servers as provided by the TLD authoritative server.
But in this case, they are not.
Digital Ocean returns only the SOA record:
Weelllll, technically when using the standalone plugin, an actual HTTP site isn't required
This iswas the problem: an incorrect DS record exists in the .bz zone. OP should update the DS record in the .bz zone corresponding to the actual DNSKEY used in the 216.bz zone.
Currently, everything is looking good @ DNSViz (216.bz | DNSViz)
Weeeeelllll, technically even when using the standalone plugin, you still need DNS.
So that (even though it's a very temporary) HTTP site can be reached [i.e. considered to be "working"],