TLS-SNI-01 validation, used by the Apache plugin, is currently disabled by Let's Encrypt for security reasons.
It may require a little setup, but you can use HTTP-01 validation with the Apache installer.
Version 0.4.1 is pretty old. I don't remember exactly, but I think the Python dialog error thing is a bug with displaying errors that was fixed in a more recent version of Certbot.
--renew-by-default
was renamed to --force-renewal
. They're equivalent. You should almost never need to use them, since they can cause unnecessary and excessive renewals.