I got a timeout on that site (resolved address 216.105.239.55) when trying to connect from two different locations. Could there be a firewall that blocks access to some IP address ranges?
Edit: It actually did connect but it took a very long time on the first connection, and then worked quickly on subsequent connections. Is it possible that there’s some kind of firewall or proxy that performs some kind of time-consuming check on hosts that connect to your site before allowing the connection to complete?
Intermittent network issue sounds like it's on the money. I don't think Content-Disposition will affect Let's Encrypt, since it doesn't look for that header and doesn't otherwise affect the response body. At least, Let's Encrypt can connect to the server sometimes:
Challenge update failures for testing.penforms.penrad.com in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/1772981
acme: error code 403 "urn:ietf:params:acme:error:unauthorized": The key authorization file from the server did not match this challenge [lvIDm50o6cDM2w6LGiJ4eijh_TW4p8agzXFf-65RXv0.49wknCPN_3HICrKF6BR-V-a-E_ipoaGro7D1Fju_2ec] != [dTvsfhE3epTUE2em1hFF212qAdxCrNfsCj20oK9gvXk.82563yWh0HmnK35FH2tUfRsCc7NP3doyWk89Q943qsc]
Maybe a reverse DNS lookup that gets cached? This also looks like a residential connection, which may have something to do with it.