Certbot failing to renew certificate - failed to download the challenge files from the temporary standalone webserver

@sa-webb I see improvement, but a Palo Alto Networks brand firewall may be causing trouble. If not that brand, then some firewall looks to be interfering.

I can make a test request to your server similar to what the Let's Encrypt server makes before issuing a cert, and the test succeeds. BUT only if I do not use the same user-agent as the Let's Encrypt server uses; if I do that, the request times out.

We have seen many similar problems due to this brand of firewall as they changed a default setting recently. If you have such a firewall have your network team check for an Application Rule for "acme protocol" and be sure to allow that.

Here are sample curl requests you can provide to your network team to test the fix. These results are repeatable.

curl -I dashboard.utccuip.com/.well-known/acme-challenge/SampleChallenge123
(a 404 is normal here because file SampleChallenge123 does not exist)
HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 01 Jul 2022 11:53:30 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive

curl -I -m10 dashboard.utccuip.com/.well-known/acme-challenge/SampleChallenge123 -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
curl: (28) Operation timed out after 10001 milliseconds with 0 bytes received

Note I say it "may be" Palo Alto Networks because your timeout is slightly different from previous cases. Regardless, a request with any user-agent should succeed, and this is too coincidental with other failures not to be related.

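The two-curl check above, carried out in code so a network team can rerun it and get a yes/no answer. This is an added example and not the poster's own commands or code: it issues a HEAD request to the HTTP-01 challenge path once with an ordinary User-Agent and once with the Let's Encrypt validator's User-Agent (the string from the second curl command), then flags the pattern "ordinary UA answered, Let's Encrypt UA timed out". The origin it runs against is a constructed local stand-in for a site behind a User-Agent-filtering firewall, not dashboard.utccuip.com; the plain `curl/7.81.0` agent string and the 5-second hold are assumptions made for the simulation.

```python
"""Compare how an HTTP-01 challenge URL answers to different User-Agents.

Added example, not the forum poster's code. The origin here is a constructed
stand-in for an nginx site behind a firewall that silently drops the
validator's requests; point probe() at a real host and port 80 to test one.
"""
import http.client
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# User-Agent from the post's second curl command (the one that times out).
LE_USER_AGENT = ("Mozilla/5.0 (compatible; Let's Encrypt validation server; "
                 "+https://www.letsencrypt.org)")
# Assumption: a plain curl-style UA stands in for "any other user-agent".
PLAIN_USER_AGENT = "curl/7.81.0"
CHALLENGE_PATH = "/.well-known/acme-challenge/"


def probe(host, port, token, user_agent, timeout=3.0):
    """HEAD /.well-known/acme-challenge/<token> with the given User-Agent.

    Returns the HTTP status as an int (404 is the normal answer for a token
    that does not exist on disk), or the string "timeout" if no response
    arrived within `timeout` seconds, matching the post's curl -m10 run."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", CHALLENGE_PATH + token,
                     headers={"User-Agent": user_agent})
        return conn.getresponse().status
    except (socket.timeout, TimeoutError):
        return "timeout"
    finally:
        conn.close()


def compare_user_agents(host, port, token="SampleChallenge123",
                        agents=(PLAIN_USER_AGENT, LE_USER_AGENT), timeout=3.0):
    """Run probe() once per User-Agent and return {user_agent: result}."""
    return {ua: probe(host, port, token, ua, timeout) for ua in agents}


def looks_like_ua_filtering(results):
    """True when the Let's Encrypt UA timed out while at least one other UA
    got any HTTP answer at all (a 404 counts): the origin is reachable, so
    something on the path is dropping requests based on the User-Agent."""
    le_result = results.get(LE_USER_AGENT)
    others = [r for ua, r in results.items() if ua != LE_USER_AGENT]
    return le_result == "timeout" and any(isinstance(r, int) for r in others)


class _FilteringOriginHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an nginx origin behind a UA-filtering firewall:
    requests carrying the validator's UA are held open and never answered,
    every other UA gets the 404 shown in the post."""
    hold_seconds = 5.0  # assumption: longer than any client timeout used here

    def do_HEAD(self):
        if "Let's Encrypt validation server" in self.headers.get("User-Agent", ""):
            time.sleep(self.hold_seconds)  # client gives up first; send nothing
            return
        self.send_response(404)
        self.send_header("Server", "nginx/1.14.0 (Ubuntu)")
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def log_message(self, *args):  # keep the simulated origin quiet
        pass


def start_simulated_origin():
    """Start the stand-in origin on a free loopback port; returns (server, port).

    A threading server is required: the held LE request must not block the
    other probes the way it would on a single-threaded HTTPServer."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _FilteringOriginHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    # Against a real site, replace the simulated origin with (hostname, 80).
    server, port = start_simulated_origin()
    results = compare_user_agents("127.0.0.1", port, timeout=2.0)
    for ua, result in results.items():
        print(f"{result!s:>8}  {ua}")
    print("UA-based filtering suspected:", looks_like_ua_filtering(results))
    server.shutdown()
```

The deciding signal is not the 404 itself but the asymmetry: the same path, same host and same request method answer for one User-Agent and never answer for the other. A firewall that blocked the challenge path outright would time out for both agents, which `looks_like_ua_filtering` deliberately does not report, since that points at a different rule.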