The method used has placed the authentication challenge response token in an incorrect location.
Why?
That is hard to say. But something may have changed (even just slightly).
Or the certbot plugin was updated and now doesn't understand your config precisely.
You could troubleshoot it better by adding more detail to the logs and uploading them here (if needed):
One thing that @joohoi has recently determined is that in many cases where --apache fails to satisfy the HTTP-01 challenge, there are multiple Apache virtualhosts with overlapping coverage (in the sense that they potentially refer to the same hosts or paths). In this case Certbot doesn't know for sure which one to use for the challenge, and it guesses one, which may be wrong.
This is a likely explanation for most recent cases of 404 errors with --apache. The behavior will be changed in an upcoming release of Certbot so that all potentially relevant virtualhosts are modified to be capable of passing the challenge, but I would agree that it's potentially a symptom of an ambiguous Apache configuration in which the existing virtualhosts weren't entirely as intended.
certbot --version
certbot 0.28.0
And there are the apache2.conf, ssl.conf and the urlaub-norden-norddeich.de.conf files. If you need more, please let me know.