The immediate problem seems to be that your ISP blocks port 80. Port 80 is required in order to renew Let’s Encrypt certificates using HTTP validation.
It’s possible that you were previously renewing using TLS-SNI (port 443), but this is no longer possible with Let’s Encrypt.
Given that ddns.net (run by noip.com) does not support TXT records, it seems that you cannot use DNS validation either.
Your choices are very limited:
- You can try to get your ISP to unblock port 80
- You can abandon Certbot and use acme.sh in TLS-ALPN mode (first stopping your Apache webserver) to issue a certificate: https://github.com/Neilpang/acme.sh#5-use-standalone-ssl-server-to-issue-cert
- You can abandon ddns.net and use a dynamic DNS provider that supports Let’s Encrypt DNS validation, like duckdns.org or afraid.org (or some others).