Timeout during connect (likely firewall problem)

Something probably changed since you last validated the names.

If you added the IPv6 IP to your DNS after last time, that would explain it, of course.

Or if your IPv6 connectivity was working before and only broke recently.

If the website didn't used to redirect to HTTPS, that could explain it. Redirecting to HTTPS is fine, but redirecting to a broken destination won't validate reliably, if at all. Let's Encrypt will try to work around some issues for the first request, but less so -- or not at all? -- for subsequent requests. (Also, I don't think there's any fallback attempt for "no route to host" errors.)