Certbot-auto renew failing to work after upgrading from 1.0.0 to 1.2.0

The error message that you see is coming from the certificate authority and so it's less likely to be related to your Certbot upgrade.

It's much more likely to be related to this recent change on the CA side:

(the "secondary validation" is an additional attempt to connect to your server, from elsewhere on the Internet, for validation purposes)

It's logically possible that the Certbot update had some connection with this, but it's unlikely because there haven't been major changes in the standalone authenticator in the Certbot code recently. Also, if the firewall were completely uninvolved, I would expect to see something like "connection refused" rather than "timeout during connect" in case of a failure to connect to your server.

Because of the recent multi-viewpoint validation change, it's possible that firewall rules that didn't prevent certificate issuance before are now preventing it (by blocking some of the secondary validation connections).

2 Likes
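The difference the reply draws between "connection refused" and "timeout during connect" can be checked with a small TCP probe against port 80. This is an added example, not part of the original post or of Certbot; the function names and outcome labels are assumptions made here. Run it from several hosts outside your own network, since a test from the server itself does not reproduce the CA's secondary validation viewpoints.

```python
import errno
import socket
import sys

# How to read each outcome, following the reasoning in the reply above.
MEANING = {
    "open": "a listener accepted the connection from this vantage point",
    "refused": "host answered with a reset: reachable, but nothing is listening",
    "timeout": "no answer at all: typical of a firewall silently dropping packets",
    "unreachable": "a router or the host rejected the path from this vantage point",
    "other": "different failure (for example DNS resolution); inspect separately",
}


def classify_error(exc):
    """Map a connect() failure to one of the outcome labels in MEANING."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "other"


def probe(host, port=80, timeout=5.0):
    """Attempt one TCP connection and return the outcome label."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify_error(exc)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <hostname>")
    result = probe(sys.argv[1])
    print(f"{sys.argv[1]}:80 -> {result}: {MEANING[result]}")
```

If some vantage points report "open" while others report "timeout", the firewall is filtering by source address, which is the situation the reply describes for secondary validation.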