Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I don't think you have set your DNS A record for that. It currently points to a "windstream" IP. No server is replying to HTTP requests, which is why you see a "timeout" error.
The A-record points to the corporate IP, and the internal DNS sends corporate users to AWS. External users can't see it.
It's correct; it works, but how can I get the certificate for this configuration?
Are you trying to get a cert to be used by that Apache system on AWS? And if I understand correctly that Apache is not accessible on the public internet. Is that right?
You can only get a Let's Encrypt cert for a domain name in the public DNS. An HTTP Challenge requires the IP in the public DNS to reply to the HTTP challenge from the Let's Encrypt server. A DNS Challenge has the ACME Client (like Certbot) placing a TXT record in the public DNS which is then verified by the LE Server.
I am guessing a DNS Challenge will be needed but I am not certain I understand your overall setup. Specifically, why HTTP requests to the "corporate IP" time out.
Are you trying to get a cert to be used by that Apache system on AWS?
Yes
And if I understand correctly that Apache is not accessible on the public internet. Is that right?
Yes
An A-record exists for *.vpgsensors.com. I've got the wildcard certificate.