Does your firewall block requests from outside the USA? Because there was a recent change that would prevent renewal if you did.
I can see your Apache server just fine from the US. It even looks setup to recognize the ACME HTTP Challenge.
But, the "Secondary validation" is a strong indicator of a firewall problem from this