There's a firewall blocking access, at least from my location:
Good chance this is also affecting the LE validation.
You should allow access to the path /.well-known/acme-challenge/ globally. Alternatively, you might be able to use the dns-01 challenge instead.