Yeah, you are still faced with this:
You will need to involve a network support person further upstream from you. Find out where in the long winding road the request is getting blocked. You have mentioned several levels of equipment between you and the public internet. Start at the farthest from you that you can looking for the requests from the Let's Encrypt server(s). Even use the Let's Debug web site to initiate the tests (https://letsdebug.net)
Your other options are switching to a DNS Challenge although that requires you to have access to your DNS records and I don't recall if you do.
You could also try switching to a different Certificate Authority (CA). Perhaps the locations they validate from will somehow get through to you. It is possible you are suffering from some unusual network routing issue. Maybe another CA won't be affected.
Here is a suggestion for others. Google CA might be a good first try.