Are you sure the VPN has no firewall blocks?
I'm not sure how to verify this; obviously some traffic is getting through on port 80. When I had the SMTP issue, I did contact the VPN support about it but that didn't lead to a fix. I suppose I could try again with these additional clues.
What was the IP address that came through? It
Varies slightly each time I run certbot, although always only one gets through each run. Here are a few IPs I see in the logs from the 'Let's Encrypt validation server':
23.178.112.214
23.178.112.212
66.133.109.36
The Let's Debug query came from here:
65.21.146.168
You mention China. Is this behind the great wall of China firewall?
I'm in Seattle, WA and the VPN endpoint is in Phoenix, AZ. I think the VPN provider serves a lot of customers in China, and I've seen evidence that my IP, or block of IPs including mine, has been somehow tagged as Chinese; for example, when I browse the web using my Private IP, Google occasionally presents the Chinese login screen. The China Firewall may have tagged this IP as VPN and be blocking it, but would that alone prevent certbot from running?
Thanks again for your help.