Hi Jonas,
There was a change that took effect last month that requires the use of port 80 instead of port 443 for validation. You should have received an e-mail notification from Let's Encrypt following your most recent renewal about this issue; I'm sorry if that didn't come to the right place or if you didn't notice it. The current validation options are described at
The Certbot-specific implications of this are described in
as well as a number of other places on this forum.
The basic summary related to your situation is that you'll probably now need to forward port 80 in addition to port 443 for the validation to continue working.