I have the same problem: HTTP challenge, timeout during connect, likely a firewall problem.
I think your problem is because letsencrypt is using AWS for verifying the http-01 challenge, which means that when there is a problem between your network and AWS, your domain cannot be verified.
I've asked and confirmed with AWS support that there is indeed a problem with the connection between my networks and AWS, which results in dropped TCP packets. And I'm still waiting for the issue to be resolved, even though there is no ETA.
From my perspective, I think the http-01 challenge bot should try to verify the domain using more diversified cloud services, e.g. Azure or Google Cloud, as the current implementation really depends on the stability of the AWS network connection.
I think the problem will become more and more common: yesterday I had 3 IPs that AWS had trouble with, and today I have 2 more IPs that AWS has trouble with.
The problem may not be from AWS itself, as there are a lot of hops before reaching AWS. But my point is, it just takes one bad network hop to make letsencrypt unusable from some networks.
Quoting from AWS support:
"With the size and scale of AWS, traffic from different IPs can take different routes within the AWS network and a routing issue could cause a packet drop which looks very similar to a firewall that simply drops denied packets"