The Let's Encrypt API servers (without any notice) in May changed to use an ECDSA key instead of an RSA one. Your system probably doesn't have those cipher suites enabled.
There are these threads from a different Windows client, with some additional information:
Of course, if you're not getting security updates anyway, then even if you can get a certificate then you shouldn't be considering your connections "secured".
If you can't enable those cipher suites, you may be better off switching to another CA; there are several others that are also free and use ACME and should be relatively straightforward to switch to.