In order for the way you're trying to get a certificate to work, the site needs to be accessible. The "During secondary validation" in the error indicates that some of Let's Encrypt validation systems were able to connect to your site to validate that you control it, but some of them could not. And in my testing I couldn't connect to it from anywhere.
Is the site intended to be publicly accessible? If so, you need to fix that before trying to get a certificate.
On the other hand, if the site needs to be blocked from most of the Internet, then you might need to switch to using DNS validation, assuming that your DNS server doesn't need to be blocked.
You may also find this FAQ helpful about how Let's Encrypt checks from multiple places around the world: