Failed to renew certificate

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /home/laravel/lms/public


           <Directory /home/laravel/lms/public>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Require all granted
          </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine off
RewriteCond %{SERVER_NAME} =lms.nphcda.gov.ng
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The RewriteEngine Off blocks the Certbot --apache temp config changes. Comment out those 3 lines or set it On

You should also use the same ServerName that you use in your port 443 VirtualHost

After trying the first suggestions, i tried this command: sudo certbot renew --quiet, and I didn't get any error and when i try sudo certbot renew it show this

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/lms.nphcda.gov.ng.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/lms.nphcda.gov.ng/fullchain.pem expires on 2023-11-17 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

but I still can't access my site using HTTPS

Looks good, probably your renewal with --quiet was successful.

You can check your certificates with sudo certbot certificates

the certificate has been renewed but i get this error Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.

Can you show us contents of that file?

Please use the 3 backticks before and after the contents so info is not lost
```
contents of file
```

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /home/laravel/lms/public


           <Directory /home/laravel/lms>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
            Require all granted
          </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


ServerName lms.nphcda.gov.ng
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/lms.nphcda.gov.ng/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/lms.nphcda.gov.ng/privkey.pem
</VirtualHost>
</IfModule>

That looks good. Are you sure HTTPS requests (port 443) are getting to that Apache server?

Do you see the requests in your Apache error or access log?

Yes HTTPS requests are getting to Apache

i tried this command

curl -I https://lms.nphcda.gov.ng

and got this

curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

That's what I get too. Do you see that error in your Apache error log too?

[Sat Aug 19 21:53:31.366547 2023] [mpm_prefork:notice] [pid 1328214] AH00169: caught SIGTERM, shutting down
[Sat Aug 19 21:55:15.311463 2023] [mpm_prefork:notice] [pid 1329462] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Sat Aug 19 21:55:15.311583 2023] [core:notice] [pid 1329462] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 19 22:24:16.398299 2023] [mpm_prefork:notice] [pid 1329462] AH00169: caught SIGTERM, shutting down
[Sat Aug 19 22:24:24.146297 2023] [mpm_prefork:notice] [pid 1335898] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Sat Aug 19 22:24:24.146655 2023] [core:notice] [pid 1335898] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 19 22:46:30.646076 2023] [mpm_prefork:notice] [pid 1335898] AH00169: caught SIGTERM, shutting down
[Sat Aug 19 22:46:31.462877 2023] [mpm_prefork:notice] [pid 1341246] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Sat Aug 19 22:46:31.465136 2023] [core:notice] [pid 1341246] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 19 23:17:52.137145 2023] [mpm_prefork:notice] [pid 1341246] AH00169: caught SIGTERM, shutting down
[Sat Aug 19 23:17:52.369597 2023] [mpm_prefork:notice] [pid 1347708] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Sat Aug 19 23:17:52.369715 2023] [core:notice] [pid 1347708] AH00094: Command line: '/usr/sbin/apache2'

I think you should see that connection error in the log. I don't think you are reaching that VirtualHost

You could try removing the above two lines from your <VirtualHost *:443> That's just a wild guess

Make sure to restart Apache after

Please show this file:

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

As a test...
Try changing this:

To this:
SSLProtocol all -SSLv2 -SSLv3

And then restart Aapache.

I hope that doesn't do much, because if it does... what openssl/apache versions do we have?

Didn't do much

OpenSSL 1.1.1f 31 Mar 2020

It's not the newest but it's recent enough.