This alias doesn't work well with Certbot, as Certbot automatically appends .well-known/acme-challenge/ to the webroot path. And as the destination of the Alias directive doesn't contain .well-known, it would never work.
You could try
Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
And then
certbot certonly --webroot --webroot-path /var/www/letsencrypt -d ingest.wmssfm.com --dry-run
You probably want to re-enable those RewriteCond so the challenge doesn't redirect to HTTPS: it isn't needed, the http-01 challenge only requires HTTP. And I have no clue how your HTTPS VirtualHost is configured, so better to be safe and just use HTTP.
@MikeMcQ Certbot actually wants the "root" as the --webroot-path. 