Renew certificate fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: heavesim.no

I ran this command: sudo certbot renew --dry-run

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: heavesim.no
Type: connection
Detail: Fetching http://heavesim.no/.well-known/acme-challenge/p6xRhkOSusq2Tza2gj8aMxLd_qfVTMwqCC_4bsoAivs: Timeout during connect (likely firewall problem)

My web server is (include version): Server version: Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is: AWS EC2 Instance

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.16.0

I set up apache and encryption following the tutorials of Corey Shafer. Everything worked perfectly until I recently deployed an updated version of my Django app, moving from Basic Authentication to Token-based authentication. My app appears in my browser unsercurely, so everything seems to work except for encryption...

Hi @aamo and welcome to the LE community forum :slight_smile:

This implies that HTTP (TCP port 80) isn't reaching your server:

Can your server be reached from the Internet via HTTP?

Apache is set up to redirect traffic on 80 to 443, and "sudo lsof -i -P -n | grep LISTEN" suggests that apache is listening at port 80: apache2 625529 www-data 4u IPv6 7027088 0t0 TCP *:80 (LISTEN)
However, when i write http://heavesim.no in my browser, nothing happens, while with https://heavesim.no I get a security warning. So, I guess the answer is that my server is not reached from the Internet via HTTP. How do I fix that?

First, identify the reason why port 80 isn't accessible (firewall? router portmap? a second firewall?) and if you've identified the reason, fix it, depending on the reason.

Ask your ISP if they allow, or block, inbound HTTP requests.