Let's Encrypt on Sophos UTM does not work

@MClasen I do not know Sophos UTM at all but I have an idea ...

On/about Oct 1 the LE servers at acme-v02.api.letsencrypt.org starting sending a new certificate chain. Before that day they used the "long chain" but now use the "short chain".

Perhaps Sophos detected the change and is blocking access as it looks suspicious? I agree with @rg305 that it seems more fruitful to discuss with the Sophos community. Just thought this bit of info would be helpful to you.

I saw various posts at Sophos community about server error 500's that seemed to be caused by Sophos and were not simply pass-thru errors from the target server.

More on the chains: