Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: gul.ph
I ran this command: certbot --apache -d gul.ph -d www.gul.ph
Also have a look at: Combining plugins
certbot run -a webroot -i apache -w /var/www/html -d example.com
As that may get you going and out of the “chicken and egg” problem with the “need 443, but don’t have 443” you seem to be in.
To enable 443, your site would need to be using TLS(SSL)
You may be able to use the snakeoil test certs generally loaded with Apache.
If this is your first time enabling TLS(SSL) on a site, we should just go about that in a more automated direction.
0.12.0 is not that old, not sure if it is the latest.
Can you try the Fedora-Apache recommended installation method?
It should just update the current certbot (if needed).
That’s not necessary for the tls-sni-01 challenge. It uses custom temporary certificates served through either an existing webserver (apache or nginx plugin) or a temporary Python server (standalone plugin) running on port 443.
This error is probably caused by a firewall issue.
Indeed, it’s something of a myth that you have to have an existing HTTPS site in order to use Certbot’s --apache or --nginx options. They’re quite willing to configure your server to listen on port 443 even if it didn’t previously do so. I agree with the suggestion of a firewall issue here.
What are the ways to know if I have firewall running on my server?
I have run systemctl status firewalld and I have seen active (running).
How can I enable my firewall to accept certbot challenge?