For now, you'll need to ensure that port 80 remains open, even if all it does is redirect to 443.
Let's Encrypt's HTTP validation method must start at port 80, due to some security issues with shared hosting.
There is an upcoming validation method to allow port 443-based validation, but it's not yet arrived.
If this isn't acceptable, you also have the choice to use DNS validation.
This was probably just the authorization being cached. It won't work reliably.