@cpu, this is an error generated from inside of OpenSSL which has something to do with a problem reading or writing on a TLS socket that has already been shut down by a TLS disconnection. It’s not related to any previously-known Certbot bugs, as far as I’m aware.
This still makes me wonder if this machine is making outbound HTTPS connections through some kind of proxy or firewall that has the ability to interfere with them for some reason.
It would be good to see the logs from /var/log/letsencrypt to try to find out what Certbot was trying to do at that point — but I’m afraid it’s probably just going to be the initial GET on the directory.