You are probably affected by a Palo Alto Networks brand firewall. Test acme challenge requests work but not if they use the same "user agent" as Let's Encrypt servers. I describe this in more detail here:
Tests to your server are below. Both should work. Show these to your network admins.
curl -I -m 10 webwork.piedmont.edu/.well-known/acme-challenge/Test123
HTTP/1.1 404 Not Found
Date: Mon, 08 Aug 2022 16:47:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
curl -I -m 10 webwork.piedmont.edu/.well-known/acme-challenge/Test123 -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
curl: (28) Operation timed out after 10001 milliseconds with 0 bytes received