I don't think we've seen enough of the logs to know exactly what is failing.
That said, I think your server is reaching acme-v02 and it may be the secondary HTTP challenges that are failing - most likely due to GeoLocation blocking or an IPS or IP block lists in place by your systems (or HE).
I can confirm that from my location: just a time out to IP 216.218.249.183. Nothing seems to be responding: no ping, no open port 21 or 22, no open HTTP or HTTPS.
So I'm with the error message: please check any and all firewalls and/or routers for correct behaviour and get port 80 open somehow, because it's closed at the moment.
I think your problem is due to letsencrypt using AWS for verifying the http-01 challenge, which means that when there is a problem from your network with AWS, your domain cannot be verified.
I've asked and confirmed with AWS support that there is indeed a problem with the connection between my networks and AWS, which results in dropped TCP packets. And I'm still waiting for the issue to be resolved, even though there is no ETA.
From my perspective, I think the http-01 challenge bot should try to verify the domain using more diversified cloud services, e.g. Azure or Google Cloud, as the current implementation really depends on the stability of the AWS network connection.
I think the problem will become more and more common, since yesterday I had 3 IPs that AWS had trouble with, and today I have 2 more IPs that AWS has trouble with.
The problem may not be from AWS itself, as there are a lot of hops before reaching AWS. But my point is, it just takes one bad network hop to make letsencrypt unusable from some networks.
Quoting from AWS support:
"With the size and scale of AWS, traffic from different IPs can take different routes within the AWS network and a routing issue could cause a packet drop which looks very similar to a firewall that simply drops denied packets"
I guess I will get with the network guy and see about shutting down the firewall just for a moment to see if we can get a successful response from the servers.