Hello @seattlebears, welcome to the Let's Encrypt community.
Since you did not answer this question:
I am going to make an assumption that the HTTP-01 challenge (the most commonly used) of the Challenge Types - Let's Encrypt and it states
"The HTTP-01 challenge can only be done on port 80."
Best Practice - Keep Port 80 Open
Using the online tool Let's Debug yields these results https://letsdebug.net/cafe.cbtec.com/2032133
ANotWorking
ERROR
cafe.cbtec.com has an A (IPv4) record (69.2.51.140) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with cafe.cbtec.com/69.2.51.140: Get "http://cafe.cbtec.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
Trace:
@0ms: Making a request to http://cafe.cbtec.com/.well-known/acme-challenge/letsdebug-test (using initial IP 69.2.51.140)
@0ms: Dialing 69.2.51.140
@10000ms: Experienced error: context deadline exceeded
IssueFromLetsEncrypt
ERROR
A test authorization for cafe.cbtec.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
69.2.51.140: Fetching https://cafe.cbtec.com/.well-known/acme-challenge/SKZ40hWZmuT3Y8RDkH9pspP9BkZfeHOIunFFZJqwqnM: received disallowed redirect status code
Using nmap
from my Oregon, USA locations I see
$ nmap -Pn -p80,443 cafe.cbtec.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-06-15 01:04 UTC
Nmap scan report for cafe.cbtec.com (69.2.51.140)
Host is up (0.074s latency).
rDNS record for 69.2.51.140: 140.51.venyu.com
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds
I believe there is geo blocking
http://www.site24x7.com/tools/public/t/results-1718413205834.html
Edit: and here too Permanent link to this check report
Please read these: