Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): paytibiamacros.duckdns.org
Requesting a certificate for paytibiamacros.duckdns.org
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: paytibiamacros.duckdns.org
Type: connection
Detail: Fetching http://paytibiamacros.duckdns.org/.well-known/acme-challenge/7eFphe4cCe7IoiYpsq3Lm_jwUD2or-jdZVhrbMaR1rw: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): nginx
The operating system my web server runs on is (include version): debian 10
My hosting provider, if applicable, is: I do not understand
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.19.0
Your site is not reachable on port 80 from the internet. For the http challenge you requested, this is required. Try this site for info: https://letsdebug.net/
I got a timeout trying to reach your site from my own server as well as Lets Debug result:
I get the same error as Lets Debug and the same I had before. I cannot reach your website at http://paytibiamacros.duckdns.org - all I get is a timeout waiting for a response.
Your DNS entry points to 187.36.230.228
Is that the correct IP for you?
There is not much info for me to work with. I do not have any specific ideas. Perhaps someone else may have some things to try.
Some other commands to check some basic things are running:
Check nginx conf file is ok: sudo nginx -t
Look at ports (make sure nginx is listening on correct port): sudo netstat -pant | grep -Ei '80|443|nginx'
You may need to adjust this command for your os version. And, it is ok if nginx is not yet listening on port 443 until you have gotten certs.
You mentioned a router so make sure your port is forwarding correctly to your nginx server.
Have you recently made changes or updates to your DNS records? The serial numbers for the SOA (Start Of Authority) for your domain name do not match up with the Name Servers. Actually, there's no DNS record found for your domain name.
Checking again using the MX tool, that still shows the same result. However, I went directly to Spanhaus ZEN's website and they indicate no problems now.
Here's the link for the SpamRATS results. It gives more detail to the why your IP is on their list and the procedure for removal from their blacklist. Spam Rats! - SpamRATS Lookup Tool!
Okay Gabriel, you replied as I was beginning to edit my reply. It may be easiest to begin by contacting abuse@registro.br and see what they say. Be sure to inform them your IP address look up is denied by WHOIS Lookup.
Do you have another email address you can use to contact them?
LISTED
It may be easiest to begin by contacting 
