Cisco/OpenDNS Umbrella is a network security product. It generally works as a DNS filtering solution where it essentially blocks domain that are known to be responsible for hosting things like phishing or malware, though it can also be used to block certain categories of sites (adult, social media, etc.).
Umbrella can also act as a HTTPS proxy for domains that are not quite as malicious, but potentially so, to inspect the traffic in detail. I would guess that’s what’s happening here. When Umbrella operates in proxy mode, it uses a custom root certificate that is not trusted by browsers by default and would need to be installed manually. The certificate you’re seeing was issued by that root certificate.
Presumably the network you’re using when visiting your domain is configured to use Umbrella’s DNS servers. This can be done either on the network/firewall level, or through an app running on your device.
Either way, it’s highly unlikely to be related to your server or to Let’s Encrypt.