Accessing https:// to an IP should give that error.
But it shows that you do have access to the IP.
I still don't see the IP of the client PC; but the PC and the server seem to be on the same LAN.
So I'm confused on why it presents that error when you added the the entry in the hosts file.
Let me crosscheck the facts...
[and take nothing for granted]
What is the IP on the client PC?
What IP is shown by the client PC when you ping the server by its' full name [FQDN]?
You need to avoid using the publicIPaddress from within the private networks.
Meaning you should NOT try to cross the router, nor have the router handle any part of your conversation with the server (unless the router can be set to handle hairpinning - which doesn't seem likely).
The IP on the client PC from which I ran those commands is 192.168.86.243. When I ping foundry.dyoung.page (I assume that is the FQDN), I get the following:
> ping foundry.dyoung.page
PING foundry.dyoung.page (75.147.128.194) 56(84) bytes of data.
64 bytes from 75-147-128-194-SFBA.hfc.comcastbusiness.net (75.147.128.194): icmp_seq=1 ttl=63 time=12.1 ms
64 bytes from 75-147-128-194-SFBA.hfc.comcastbusiness.net (75.147.128.194): icmp_seq=2 ttl=63 time=10.8 ms
64 bytes from 75-147-128-194-SFBA.hfc.comcastbusiness.net (75.147.128.194): icmp_seq=3 ttl=63 time=12.5 ms
^C
--- foundry.dyoung.page ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 10.778/11.792/12.543/0.744 ms
Good to know about not using the public IP address from within the LAN.
That's still using the public IP.
You need to add an entry in the hosts file to override that IP (with the 192.168 number).
Great diagram!
I added that entry to /etc/hosts on my local client and then did a reboot in case it needs that. When I try to go to https://foundry.dyoung.page it just tries to connect for a long time and then times out (I tried this both with Chrome and Firefox).
My concern was that people outside my local network were not able to connect to the site, but I just tried with my notebook connected through my phone wifi access spot (rather than my home network) and was able to connect. So I assume it has been working from outside my local network this whole time.
It would still be nice to be able to make the FQDN work from within the network, but this has helped me realize the site is working from external IP addresses.
Yes, see: SSL Server Test: foundry.dyoung.page (Powered by Qualys SSL Labs)
Please try the PING again from your PC:
ping foundry.dyoung.page
[and show the output]
Wow, I finally have it working from inside the LAN as well now. I had a typo in my /etc/hosts entry, but it works now thanks to you folks.
Thanks so much -- I know this went well outside of letsencrypt issues. I really appreciate how you've helped me understand!
Glad we could help
Cheers from Miami 
[now back to trading crypto for beer...]
