if you are using http cert retrieval, certbot needs a place put the temp. token to authenticate your contrrol of the domain your are creating a certificate for. usually that will be the same webserver you want to serve the certificate from.
if you are not running an actual weberver on port 80 that certbot can insert a token for, certbot cannot complete.
this is, of course, in addition to other possible issues such as ISP port blocking - but without a web server listening on TCP/80, you will have to use other authorization methods (like DNS) to generate a cert.