I see you got a cert today and it is being sent out by your server. So that's great.
But, renewals won't work with the setup you have now. You should test it with
certbot renew --dry-run
You may have a firewall blocking requests specifically of the ACME challenge path. Or maybe your redirects are doing something odd (proxying to a downstream server?).
Look carefully at these sample curl responses.
curl -I git.biome.io/.well-known/acme-challeng
(challenge not fully spelled out)
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 19 Apr 2022 22:00:40 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
curl -I git.biome.io/.well-known/acme-challenge
(no trailing slash, redirects fine but adds trailing slash)
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 19 Apr 2022 21:50:05 GMT
Content-Type: text/html
Content-Length: 162
Location: http://git.biome.io/.well-known/acme-challenge/
Connection: keep-alive
As soon as the slash appears the request fails.
curl -I git.biome.io/.well-known/acme-challenge/
curl: (56) Recv failure: Connection reset by peer
ForumTest would be the name of the ACME challenge file for actual requests
This should respond with 404 (not found) as ForumTest file does not exist
curl -I git.biome.io/.well-known/acme-challenge/ForumTest
curl: (56) Recv failure: Connection reset by peer