You are almost certainly affected by a Palo Alto brand firewall.
You need to change the Palo Alto firewall to allow "acme-protocol" in its Applications section. Show your network team the two requests below. Both should result in a 404 but you can see the one with the user-agent like LE fails. We have seen this problem often.
# With a user-agent like Let's Encrypt - it fails
curl http://mederi.buap.mx/.well-known/acme-challenge/Test404 -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
curl: (56) Recv failure: Connection reset by peer
# Without that user-agent, it works
curl http://mederi.buap.mx/.well-known/acme-challenge/Test404
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>