No response from Let's Encrypt API on particular IP

When you say the error occurs only with 2.22.101.48, are you referring to other IP addresses that acme-v01.api.letsencrypt.org resolves to, or some other site that you’ve tested connectivity with?

Let’s Encrypt is hosted behind Akamai’s CDN, so these issues are sometimes hard to debug because they are often specific to certain routes/ISPs. In the past, Let’s Encrypt staff have asked users to run a number of diagnostic commands when something like this occurs, though in similar cases the IP was typically not reachable at all. This will be useful for the Ops team and Akamai to further debug this.

Could you also try running the following command from that IP? I’m curious how far the connection gets, i.e. whether it’s a general block on incoming traffic on port 443 or if it happens somewhere in between. You can replace the hostname with 2.22.101.48 in case the first IP it resolves to is currently different - only the -servername needs to remain as is.

openssl s_client -connect acme-v01.api.letsencrypt.org:443 -servername acme-v01.api.letsencrypt.org
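
An added example, not part of the original post: a Python version of the staged check the reply asks for. It connects to a chosen IP while keeping the SNI name fixed, as `-servername` does, and reports whether the attempt fails at TCP connect or during the TLS handshake. The function name `probe` and the stage labels are assumptions made for this example.

```python
import socket
import ssl

HOST = "acme-v01.api.letsencrypt.org"  # hostname from the post, sent as SNI
IP = "2.22.101.48"                     # IP from the post


def probe(ip, servername, port=443, timeout=5.0, verify=True):
    """Return (stage, detail) for the furthest point the connection reached.

    Stage labels are this example's own naming, not openssl output.
    """
    # Stage 1: plain TCP connect to the literal IP (no DNS lookup involved).
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_timeout", "no reply to SYN: dropped on the route or by a filter")
    except ConnectionRefusedError:
        return ("tcp_refused", "RST received: host reachable, port closed or rejected")
    except OSError as exc:
        return ("tcp_error", str(exc))

    # Stage 2: TLS handshake, presenting `servername` in the ClientHello.
    ctx = ssl.create_default_context()
    if not verify:
        # Only for isolating transport problems from certificate problems.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        # The wrapped socket inherits the timeout set by create_connection().
        with sock, ctx.wrap_socket(sock, server_hostname=servername) as tls:
            return ("tls_ok", f"{tls.version()} {tls.cipher()[0]}")
    except socket.timeout:
        return ("tls_timeout", "TCP connected, but the handshake got no answer")
    except ssl.SSLCertVerificationError as exc:
        return ("tls_cert_error", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_error", str(exc))


if __name__ == "__main__":
    stage, detail = probe(IP, HOST)
    print(f"{IP}:443 sni={HOST} -> {stage}: {detail}")
```

A `tcp_timeout` result points at traffic to port 443 being dropped before it reaches the server, while `tls_timeout` or `tls_error` means the TCP path works and the problem sits somewhere after the connection is established.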