Score:0

APACHE CERTBOT ERROR

bj flag
Sam

I'm configuring HTTPS on a local Apache server using certbot, but I get the error below:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for digierp.com
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain digierp.com
http-01 challenge for digierp.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.example.com
   Type:   connection
   Detail: 110.40.19...: Fetching
   http://example.com/.well-known/acme-challenge/X3IbvKI9gbZu1.........:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

This is my /etc/apache2/sites-available/exapmlee.conf file

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName examplee
    ServerAlias www.example.com
    DocumentRoot /var/www/examplee
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

If I dig into example.com, I get this

;; ANSWER SECTION:
example.com.        0   IN  A   127.0.0.1

/etc/hosts

127.0.0.1       localhost
127.0.1.1       digierp-Joy

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1       example.com

Where is the system getting this ip 110.40.19...?

Any suggestion on the error above?

vidarlo avatar
ar flag
Never redact information that's critical to understanding the question. Here you've redacted badly, by mixing `digierp.com`, `www.example.com`, and `example.com`. What is it? Please edit your question to include *exact* commands and outputs, without *any* redactions.
Score:1
jp flag

Meta: I fixed your formatting and restored #, which is actually a necessary part of the syntax of /etc/hosts; please click the ? icon in the edit window and read the help for 'code' (and maybe others too).

Note that www.{something} is not the same as {something} although they may map to the same address(es?) and host(s?).

It is evident from the log that you are actually requesting a cert for digierp.com, which does map in public DNS to 110.40.197.199, and so does www.digierp.com, which certbot should also have requested for the config you sort-of show, but which apparently wasn't tried because the first challenge failed.

To get a cert from LetsEncrypt using the http-01 challenge, your server must be accessible from the public Internet at the address determined by public DNS. LetsEncrypt can't see what's in your local /etc/hosts, and if it could, it wouldn't trust it, because the whole point of a certificate from a public CA like LE is that other people everywhere in the world can trust the identity of your server.

If you control the DNS for this domain, which you didn't say and your post doesn't show, you could get an LE cert for the name of a local-only server using the dns-01 challenge instead; depending on the DNS provider you are using there may be a plugin for it or you may need to do it manually. That cert could then be used with clients which locally map [www.]digierp.com to 127.0.0.1 or another local address using /etc/hosts or similar.


To get a cert from LE or most public CAs you must 'control' a publicly-registered domain name. In practice this means either paying for it, or getting someone (who does pay) to provide it to you; for example, if you're a staff member in a school, they might give you a subdomain under their domain. From a few public CAs you can get a cert for an IP address, but only a publicly-routable and statically assigned one, definitely NOT addresses intended for local use like loopback (127.0.0.1 or ::1), RFC 1918, or fe80:/16.

Outside of public CAs, if you aren't in an organization that runs a 'local' CA like some large businesses and government agencies, you can either simply generate a self-signed cert, as Falcon noted, or, slightly more complicated, set up your own private, personal CA (which only you and nobody else trusts). See my list of links to Qs on this subject, across several Stacks, at https://stackoverflow.com/questions/69499225/how-to-solve-the-problem-of-self-signed-ssl-certificates-for-sites-intended-to-b .

Sam avatar
bj flag
Sam
Does this mean I have to buy an actual domain name before I get a cert, or is it possible to use a raw IP? My biggest goal here is just to have the Apache server accessed via HTTPS.
dave_thompson_085 avatar
jp flag
Sam: a little too much for a comment, so see edit
Score:0
in flag

Are you trying to get a certificate from letsencrypt for www.example.com? You can't do that. It's not yours.

I see you're doing a few different things. You've asked certbot for a certificate for www.example.com but the rest of your question is about example.com. Those are two different things; the www is not implied at all. It's common, though, to get a certificate for both www.example.com and example.com, where example.com is your domain.

Maybe your domain is digierp.com? You've edited it in some places but not others.

Other than that you're generally using the tools correctly, I think. But letsencrypt isn't a local tool. Certbot asks letsencrypt to verify your control of the domain using the ACME protocol over the internet, and then gives you the certificate. You can't use it when you're trying to run a server only on loopback.

To use letsencrypt, set DNS (not your hosts file) to point at the server you're running your site on. If you need to do local testing, use some other tool; some people issue a self-signed certificate and add it to their trust store (or ignore the TLS warnings).
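Both this answer and dave_thompson_085's point to a self-signed certificate as the way to get HTTPS on a server that only resolves locally. The following is an added example, not code from the thread or from either poster: it issues such a certificate with openssl for a name mapped in /etc/hosts (example.com, as in the question) and prints the matching Apache :443 VirtualHost. The output directory $OUT, the function names and the file paths are assumptions; openssl 1.1.1 or newer is assumed for -addext.

```shell
#!/bin/sh
# Added example: self-signed certificate plus Apache TLS vhost for a
# local-only name. Assumes openssl >= 1.1.1; $OUT and paths are assumptions.
set -eu

OUT="${OUT:-$(mktemp -d)}"

# make_selfsigned NAME [DAYS] -> writes $OUT/NAME.key and $OUT/NAME.crt
# The subjectAltName extension is what matters: modern browsers ignore the
# CN and match the hostname only against the SAN entries.
make_selfsigned() {
    name="$1"; days="${2:-365}"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -keyout "$OUT/$name.key" -out "$OUT/$name.crt" \
        -days "$days" -subj "/CN=$name" \
        -addext "subjectAltName=DNS:$name,DNS:www.$name" >/dev/null 2>&1
    chmod 600 "$OUT/$name.key"   # private key must not be world-readable
}

# san_of CERTFILE -> prints the SAN list, e.g. DNS:example.com,DNS:www.example.com
san_of() {
    openssl x509 -in "$1" -noout -ext subjectAltName | tail -n 1 | tr -d ' '
}

# vhost_for NAME -> prints an Apache VirtualHost serving NAME over TLS
# (drop this into sites-available and enable mod_ssl; a2enmod ssl)
vhost_for() {
    name="$1"
    cat <<EOF
<VirtualHost *:443>
    ServerName $name
    ServerAlias www.$name
    DocumentRoot /var/www/$name
    SSLEngine on
    SSLCertificateFile    $OUT/$name.crt
    SSLCertificateKeyFile $OUT/$name.key
    # TLS 1.2+ only; older protocol versions have known weaknesses
    SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
EOF
}

make_selfsigned example.com 365
san_of "$OUT/example.com.crt"
vhost_for example.com
```

Browsers will still warn until the generated .crt is imported into the client's trust store, which is the "add it to their trust store" step the answer mentions.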

Sam avatar
bj flag
Sam
Actually digierp.com is not mine. I was just trying to use it in my configs. Does this mean I have to buy an actual domain name before I get a cert, or is it possible to use a raw IP? My biggest goal here is just to have the Apache server accessed via HTTPS.
vidarlo avatar
ar flag
Yes. Get a domain.