if you have an old configuration, then you have used tls-sni-01 - validation via port 443.
But tls-01-validation is deprecated, support ends 2019-02-13.
So you must switch to http-01 - validation, this requires an open port 80.
Or you use dns-01 - validation, then a dns txt entry is required.