Issues renewing my certificate

Hi, for some reason I am unable to renew my certbot certificate. I have not had any problems in the past, and I am able to navigate to my web server using the domain name and have checked on noir to ensure that the IP is correct, and it is. I should be able to accept inbound connections to this port because I have no problem connecting to my server from Safari or Firefox, unless I am missing something. Really at a loss here. Thank you for any and all help.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
giuseppe-server.ddns.net

I ran this command:
sudo certbot renew

It produced this output:
sudo certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/giuseppe-server.ddns.net.conf


Renewing an existing certificate for giuseppe-server.ddns.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:

Domain: giuseppe-server.ddns.net

Type: connection

Detail: 104.169.167.177: Fetching http://giuseppe-server.ddns.net/.well-known/acme-challenge/{LONG_ALPHANUMERIC_STRING}: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate giuseppe-server.ddns.net with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:

/etc/letsencrypt/live/giuseppe-server.ddns.net/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
nginx 1.22.1-9

The operating system my web server runs on is (include version):
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm

My hosting provider, if applicable, is: N/A

I can login to root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

Yeah, I see HTTPS (port 443) connections working just fine too.

But HTTP (port 80) requests are not reaching you, with the error from Let's Encrypt "Timeout during connect". The --standalone option requires exclusive use of port 80, so do you stop your nginx server before running certbot renew? Or, how do you handle port 80?


Yes, I have a script that turns it off, renews, and turns it back on overnight. When I did this, yes, I stopped nginx and ran certbot renew. What could cause port 80 to not be reachable? It is allowed through my firewall and also allowed on my routers. When I check open ports while nginx is running, port 80 is in use, but when I stop it nothing else is using port 80. I am really stumped...

Well, if nginx should "see" HTTP (port 80) requests right now then something is blocking port 80.

See, for example, this result: Let's Debug

Usually the reason is a firewall. Does your router have firewall settings?

Second most often reason is port forwarding, NAT, or other network routing at your end is faulty.

More rare ... could your ISP have started blocking port 80 inbound to you?

You should try an http request from outside your own network. Like a mobile phone with wifi disabled. Be sure to use http://(domain)

I am pretty sure you will get the same timeout problem as Let's Encrypt, Let's Debug, and tests from my own test server :)

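The checks this reply asks for (is anything else holding port 80, and does an HTTP request for the challenge path get through from outside) can be reproduced with the script below. This is an added example, not code from the thread or from Certbot: it stands in a minimal listener for Certbot's standalone server, fetches the challenge URL the way the CA does, and maps the outcome onto the same categories the thread distinguishes (connect timeout versus connection refused versus a different server answering). The function names, the constructed token and the loopback addresses used for self-testing are my own assumptions; the only real value is the /.well-known/acme-challenge/ path that HTTP-01 uses.

```python
"""Reproduce the HTTP-01 reachability check that failed in this thread.

Added example, not Certbot's code.  serve_token() plays the part of the
temporary standalone web server; probe_challenge() plays the part of the
CA's validation fetch and classifies what it got back.
"""
import http.server
import socket
import sys
import threading
import time
import urllib.error
import urllib.request

ACME_PATH = "/.well-known/acme-challenge/"
# Constructed token for the example; a real token is issued by the CA per order.
EXAMPLE_TOKEN = "example-token-not-from-the-CA"


class _ChallengeHandler(http.server.BaseHTTPRequestHandler):
    token = EXAMPLE_TOKEN
    delay = 0.0  # only the self-test sets this, to simulate a host that never answers

    def do_GET(self):
        time.sleep(self.delay)
        if self.path == ACME_PATH + self.token:
            body = self.token.encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(404, "unknown challenge")

    def log_message(self, *args):
        pass  # keep the probe output readable


def serve_token(token, port=80, bind="0.0.0.0", delay=0.0):
    """Start a minimal stand-in for Certbot's --standalone listener.

    Like --standalone it needs the port to itself: if nginx (or anything
    else) still holds port 80, the bind raises OSError, which is the first
    thing to rule out.  Returns the running server; call .shutdown() and
    .server_close() when finished.
    """
    handler = type("Handler", (_ChallengeHandler,), {"token": token, "delay": delay})
    srv = http.server.ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe_challenge(host, port, token, timeout=10.0):
    """Fetch the challenge URL the way the CA does and classify the result.

    "ok"        listener reachable and it served the expected token
    "mismatch"  something answered, but not our listener (nginx still up,
                or the port forward points at a different host)
    "refused"   TCP reset: the packet reached a host, nothing listens there
    "timeout"   no answer at all: firewall drop, broken NAT/forward, or an
                ISP block (the "Timeout during connect" case in the thread)
    """
    url = f"http://{host}:{port}{ACME_PATH}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return "ok" if resp.read().decode() == token else "mismatch"
    except urllib.error.HTTPError:
        return "mismatch"
    except urllib.error.URLError as e:
        if isinstance(e.reason, (socket.timeout, TimeoutError)):
            return "timeout"
        if isinstance(e.reason, ConnectionRefusedError):
            return "refused"
        return f"error: {e.reason}"
    except (socket.timeout, TimeoutError):
        return "timeout"  # connection opened but the body never arrived


if __name__ == "__main__":
    # On the server (nginx stopped, as root):  python3 probe.py serve
    # From outside the LAN (phone off wifi):   python3 probe.py probe HOST
    mode = sys.argv[1] if len(sys.argv) > 1 else "probe"
    if mode == "serve":
        srv = serve_token(EXAMPLE_TOKEN)
        print("serving challenge on port 80, Ctrl-C to stop")
        try:
            while True:
                time.sleep(1)
        except KeyboardInterrupt:
            srv.shutdown()
            srv.server_close()
    else:
        host = sys.argv[2] if len(sys.argv) > 2 else "giuseppe-server.ddns.net"
        print(host, "->", probe_challenge(host, 80, EXAMPLE_TOKEN))
```

Run the serve half on the machine with nginx stopped and the probe half from a network that is not behind your router, as the reply suggests; probing your own public hostname from inside the LAN only tests whether the router hairpins NAT, not whether the port forward works from the internet. A "refused" result means the forward reaches a host but nothing is listening there (wrong internal IP, or the listener did not start); a "timeout" means the SYN is being dropped somewhere between the internet and the listener, which is the failure the original post shows.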

Ok, so thank you for your help; I was able to get it renewed. I checked my router and port 80 WAS set to forward, as well as 443. For some reason it was not doing that; I had to remove it from the port forwarding list and re-add it to the list, and then when I ran certbot renew it worked fine. Thank You!
