where is your window? There are Apache- and nginx - server. Checking this file, Letsencrypt want's to validate this.
D:\temp>download Use SQL Spreads Excel add-in to update data in SQL Server -h
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Oct 2018 09:39:44 GMT
Location: http://www.sqlspreads.com
Server: Apache/2.4.10 (Debian)
Status: 301 MovedPermanently
213,59 milliseconds
0,21 seconds
Moved to the root of another domain, which isn't the required content. And there is an Apache.
Then:
[edit: One part duplicated - removed]
D:\temp>download http://www.sqlspreads.com/ -h
SystemDefault
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 178
Content-Type: text/html
Date: Thu, 18 Oct 2018 09:40:35 GMT
Location: http://sqlspreads.com/
Server: nginx
Status: 301 MovedPermanently
305,94 milliseconds
0,31 seconds
There is an nginx, moving to non-www.
D:\temp>download http://sqlspreads.com/ -h
Connection: keep-alive
Keep-Alive: timeout=20
X-Pingback: http://sqlspreads.com/xmlrpc.php
WPE-Backend: apache
X-Cacheable: non200
X-Cache: HIT: 2
X-Pass-Why:
X-Cache-Group: normal
X-Type: default
Accept-Ranges: bytes
Content-Length: 0
Cache-Control: max-age=600, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Oct 2018 09:40:42 GMT
Location: https://sqlspreads.com/
Server: nginx
Status: 301 MovedPermanently
302,74 milliseconds
0,30 seconds
Then the next nginx, with WPE-Backend: apache, moving to https
D:\temp>download https://sqlspreads.com/ -h
SSL-Zertifikat is valide
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Pingback: https://sqlspreads.com/xmlrpc.php
Link: https://sqlspreads.com/wp-json/; rel="https://api.w.org/",https://sqlspreads.com/; rel=shortlink
WPE-Backend: apache
X-Cacheable: SHORT
Vary: Accept-Encoding,Cookie
X-Cache: HIT: 3
X-Pass-Why:
X-Cache-Group: normal
X-Type: default
Cache-Control: max-age=600, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Thu, 18 Oct 2018 09:40:48 GMT
Server: nginx
Status: 200 OK
734,27 milliseconds
0,73 seconds
Then there is the final http status 200. Your first server should send the content Letsencrypt want's to validate. Instead 3 redirects.