I'm getting a timeout too and not just for the challenge, but for that hostname altogether. As the error suggests, is there any firewall blocking port 80? I can see the host is up, as it replies to pings, but no common port seems to be open.
Also: if you have an instance of nginx running, why are you using the standalone plugin? Not that it's related to your firewall issue though, but more in general..
yes, you're right. i have a firewall ufw allow port 80 ( as i thought, i have done that many times ), but i review using ufw status as below,
Anywhere ALLOW 433
Anywhere ALLOW 80
i disable the ufw and certbot command succeed immediately then i realize my rule is wrongly defined and as you said port 80 not open.
so i add another one ufw allow 'Nginx Full', then it works.
why i use standalone because i just want it as simple as possible and edit the nginx.conf myself to add the ssl_certificates and related definitions.
the certbot error message has pointed out the suspicious firewall issue but just i was unable to find the exact issue as i thought my firewall didn't block.
I concur with Rudy here. If you don't want Certbot to mess with your nginx configuration in any way, which I can understand, I'd recommend using the certonly subcommand with the --webroot plugin. I'd only use standalone if it was a webserver-less host, such as a standalone mailserver or something similar.