Bart doesn’t think about outgoing traffic
The thing is that there is some incoming traffic needed to install letsencrypt using Certbot. Company security policy blocks Internet connection. It can be unblocked but we need to specify IPs and port numbers to hosts that certbot needs to communicate with to successfully install and renew certificates.
Or alternatively - find a way to import certificates without internet connection, using csr or sth