Thanks for the screenshot. The likely problem is that you said --preferred-challenges http, but “http” is not the name of an ACME challenge. The correct form is --preferred-challenges http-01.
Since Certbot didn’t recognize “http” as a challenge type, it automatically reverted to the default “tls-sni-01”, which tried to connect on port 443 instead of port 80, which apparently didn’t work in your environment.
For dev.analytics.gov.ph, it looks like there are existing programs listening on both port 80 and port 443 that accept inbound connections but then disconnect immediately. You can find out if there are really any such programs by running a command like
sudo netstat -pant
If you see a :80 [...] LISTEN or :443 [...] LISTEN, that is the responsible program. You would need to temporarily stop that program in order to use --standalone because the port needs to be available in order to obtain the certificate using --standalone.
If you don’t see any such program, then there is some kind of firewall or proxy that restricts inbound connections for this machine, and you’ll need to find and change the firewall or proxy machine’s behavior to allow these inbound connections.
In this case it looks like your webroot is no longer correct. If you used --standalone with this server and then installed a separate webserver afterward, then there is probably a conflict between the standalone authenticator plugin and the new webserver. If you used --webroot, you may have changed something about the web server configuration after you originally obtained the certificate, which made the saved settings no longer correct. Does either of these possibilities seem likely to you?