@dno - I'm unable to reach the IP your domain name resolves to over port 443. I checked the Let's Encrypt staging server's validation logs and it receives the same error I do:
$ curl https://oak.lampworx.co.uk:443
curl: (7) Failed to connect to oak.lampworx.co.uk port 443: No route to host
$ curl 217.32.145.4:443
curl: (7) Failed to connect to 217.32.145.4 port 443: No route to host
I've seen this behaviour in the past and @schoen helpfully taught me how it can correspond to an ICMP "Host administratively prohibited" response that likely indicates there's a firewall or network device between the world & your server that's blocking access to 443 and breaking the tls-sni-01 validation.
@dno Can you try and determine if your ISP or hosting provider might be blocking inbound port 443?