This looks like you are blocking access to requests from certain parts of the world (called geo blocking). Let's Encrypt makes requests from various global points to validate you control it from all aspects.
Requests from the USA are working but not from other regions (I did not test them all).
Below is a good explanation. You chose the --apache method which uses an HTTP Challenge