When I ran certbot renew, it always failed to authenticate domain.

INFO:certbot._internal.auth_handler:Challenge failed for domain mydomain.com
INFO:certbot._internal.auth_handler:http-01 challenge for mydomain.com
DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mydomain.com
Type: connection
Detail: 10.10.10.5: Fetching http://mydomain.com/.well-known/acme-challenge/challengestring: Connection refused

I found that certbot append some setting to config file of apache and restart apache before authenticating. It ran apachectl graceful to restart, but graceful cause some error so apache stop and not to start again.

My solution is to modify
/usr/local/lib/python3.9/site-packages/certbot_apache/_internal/configurator.py

self.restart_cmd = ['apachectl', 'graceful']
to
self.restart_cmd = ['apachectl', 'restart']

ref: certbot suddenly fails | The FreeBSD Forums

—
Update (2024-03-13) :
I find this thread to solve the crash of apache when running apachectl graceful. Just add apache24_aslr_disable="YES" in /etc/rc.conf to disable ASLR and works like a charming.

ref: Bug 268318 – www/apache24 with www/mod_php8{0,1,2,3?}: opcache + ASLR turned on crashes Apache