There are tons of problems possible - the firewall you know, another firewall, a wrong router, a wrong ip address, a wrong port forwarding, a .htaccess, an application answer / error.
The "check-your-website" has now some spam. Best solution - sleep 5 seconds, check, if the client is connected, sleep again. Looks like a timeout, but it is application generated. Some bots are 50 seconds busy checking that, stops a lot of spam.
That’s a docker port mapping (that bypasses the usual iptables chains, so your local firewall is open – by pure luck).
There can be other firewalls, on your router or your cloud provider’s panel. Or there can be a missing port forwarding rule.
I have forgotten to mention, according to crt.sh | etrust.pacifictrustees.com , I have noted that during the renewals in April and May, our firewall wasn't with us as our office hit a power surge and the adapter was fused. We did not face any problems for it being updated. In January and March, our firewall was still with us and the renewal was successful. Our firewall was reinstalled in June. Therefore, I think our firewall vendor misconfigured something.
Bumping this post up so you’re able to see this
je suis no clairvoyant.
how can I tell you what your firewall does?
Hmm, would it help if I show you the specific settings for our firewall?
Not to me. It comes a time when one must do their research by themselves. Please do.
(I'm judging you right now, I don't like when people replace vendors with community support and don't realize they have to do the work themselves)
So we know it's time to close that topic. Please fix your system. Thanks. If you have a Letsencrypt relevant question, start a new topic.
A firewall or not working port 80 problem is only a local problem you have to fix.