tl;dr: you might need to re-authorize the certbot client with firewall
I have had my certificate renewing successfully for about a year from a bi-monthly cronjob, using the “standalone” process. This week, I got an email that my cert would expire soon!
I logged into the server via ssh and verified that the renewal was failing, as letsencrypt could not contact the standalone server. No error messages came from certbot itself, and everything looked identical to when it was working. I finally traced the problem to the firewall no longer permitting the standalone server to accept internet traffic (but it did accept traffic from localhost, and was bound to all IPv4 addresses).
My solution was to start a GUI session to the server, so I could see, and accept, the OS dialog asking for permission to let internet traffic be delivered to the standalone server. I’ll look to see if I can find the command line approach, but I’m back renewing successfully for now.
I didn’t find anything in my searches for this problem, so wanted to leave a note in case anyone else experiences this issue.