Timeout creating new certificate with mailcow

The test I showed uses the Let's Encrypt Staging system but your failure shows timeouts from the Let's Encrypt production system. As I noted, these use different IPs.

The LE server farms are in various parts of the world. I don't know which you consider dubious 🙂 (see recent changes here)

Do you block by other criteria than just geo? Have you tried disabling all blocks?

It may also be a comms routing problem between the LE server farm(s) and your destination. These can be exceedingly difficult to debug. And, they generally are closer to your end of the connection. LE issues about 4 million certs per day so problems near their server farm would be painfully obvious to the monitoring systems.

Do you see any evidence of inbound HTTP requests to your system as a result of your cert request? You should be seeing 2-3 requests from a production request and 2-5 from staging tests. As the rollout continues there will be 3-5 from both. You should be seeing at least two requests.

Be careful about retrying too often. There is a rate limit of 5 failures / hour. The error will reflect if you are blocked as a result (for an hour).

2 Likes
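One way to check a web server access log for the inbound validation requests the post asks about, as an added example that is not part of the original post. It assumes the "combined" access-log format and that the validators identify themselves with the "Let's Encrypt validation server" User-Agent; the function names, tokens and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# "combined" access-log format is assumed; adjust if the proxy logs differently.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
ACME_PREFIX = "/.well-known/acme-challenge/"
LE_UA = "Let's Encrypt validation server"  # assumed UA substring of the validators
LE_UA_FULL = f"Mozilla/5.0 (compatible; {LE_UA}; +https://www.letsencrypt.org)"
MIN_REQUESTS = 2  # "at least two requests", per the post above

def _line(ip, path, status, ua=LE_UA_FULL):
    """Build one constructed sample log line."""
    return f'{ip} - - [01/Jan/2025:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 87 "-" "{ua}"'

# Constructed sample data: documentation IP ranges and made-up tokens.
SAMPLE_LOG = "\n".join([
    _line("198.51.100.10", ACME_PREFIX + "tokAAA", 200),
    _line("203.0.113.20", ACME_PREFIX + "tokAAA", 200),
    _line("192.0.2.30", ACME_PREFIX + "tokAAA", 200),
    _line("198.51.100.11", ACME_PREFIX + "tokBBB", 200),   # only one request arrived
    _line("198.51.100.12", ACME_PREFIX + "tokCCC", 200),
    _line("203.0.113.21", ACME_PREFIX + "tokCCC", 404),    # arrived, but not served
    _line("192.0.2.99", ACME_PREFIX + "tokAAA", 200, ua="curl/8.5.0"),  # not a validator
    _line("192.0.2.50", "/", 200, ua="curl/8.5.0"),
])

def challenge_hits(log_text):
    """Group validator requests by challenge token as (source_ip, status) pairs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(ACME_PREFIX) or LE_UA not in m["ua"]:
            continue
        hits[m["path"][len(ACME_PREFIX):]].append((m["ip"], int(m["status"])))
    return dict(hits)

def assess(hits):
    """Verdict per token; an empty result means no validation request arrived."""
    verdicts = {}
    for token, reqs in hits.items():
        if len(reqs) < MIN_REQUESTS:
            verdicts[token] = "partial"             # some requests never got through
        elif any(status != 200 for _, status in reqs):
            verdicts[token] = "reached_but_failed"  # network path fine, response wrong
        else:
            verdicts[token] = "ok"
    return verdicts

if __name__ == "__main__":
    for token, verdict in assess(challenge_hits(SAMPLE_LOG)).items():
        print(token, verdict)
```

An empty result from `challenge_hits` on a real log points at something upstream of the web server (firewall, geo block, routing), while `reached_but_failed` points at the server's own handling of the challenge path.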