You are correct that we are trying to apply the certificate to our firewall for SSL-VPN and HTTPS control. According to this guide it should "just work": New Features | FortiGate / FortiOS 7.0.0 | Fortinet Documentation Library. I find it odd that when we ping https://acme-staging-v02.api.letsencrypt.org/directory we get failures. Is it possible Let's Encrypt is trying to blacklist our IP? If we ping from our secondary ISP, it succeeds with a 100% response.

I'm not 100% sure of the process, but I believe that when we create the cert in the firewall, it opens the required ports automatically. I don't think there is a way to perform this action manually. I also have a ticket open with the firewall vendor, but when I talked to them yesterday they were pointing the finger at Let's Encrypt, so here we are, stuck in the middle.

I believe my issue is similar to the one here, but I'm running the firmware that they said would fix it at the end of the thread: How to recreate a certificate on Fortigate FOS 7.0.1 - Help - Let's Encrypt Community Support (letsencrypt.org). Hopefully I helped answer some of your questions.
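A reachability check for the situation described in this post, added here as an example; it is not code from the original post, from Fortinet, or from Let's Encrypt. The ACME directory is served over HTTPS, so the useful probe is an HTTPS GET of the directory URL (the one quoted above) rather than ICMP, and the response can be validated against the resource names RFC 8555 requires every directory to advertise. The optional `source_ip` parameter binds the socket to a local address so the same probe can be repeated per uplink; the function and parameter names and the sample directory body are assumptions made for this example.

```python
import json
import http.client
import ssl
import sys
from urllib.parse import urlsplit

# Directory URL quoted in the post above.
ACME_DIRECTORY = "https://acme-staging-v02.api.letsencrypt.org/directory"

# Resources RFC 8555 section 7.1.1 requires an ACME directory to list.
REQUIRED_RESOURCES = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")

# Constructed sample body, shaped like a real directory response, for offline use.
SAMPLE_DIRECTORY = json.dumps({
    "newNonce": "https://acme.example/acme/new-nonce",
    "newAccount": "https://acme.example/acme/new-acct",
    "newOrder": "https://acme.example/acme/new-order",
    "revokeCert": "https://acme.example/acme/revoke-cert",
    "keyChange": "https://acme.example/acme/key-change",
    "meta": {"termsOfService": "https://acme.example/tos"},
})


def check_directory(body):
    """Validate a directory response body. Returns (ok, list_of_problems)."""
    try:
        directory = json.loads(body)
    except ValueError as exc:
        return False, [f"body is not JSON: {exc}"]
    if not isinstance(directory, dict):
        return False, ["directory is not a JSON object"]
    problems = []
    for name in REQUIRED_RESOURCES:
        url = directory.get(name)
        # Every resource URL must be present and must itself be HTTPS.
        if not isinstance(url, str) or not url.startswith("https://"):
            problems.append(f"missing or non-HTTPS resource URL: {name}")
    return not problems, problems


def fetch_directory(url=ACME_DIRECTORY, source_ip=None, timeout=10):
    """GET the directory over TLS with certificate verification enabled.

    source_ip, when given, binds the local end of the socket so the request
    leaves via that address (and therefore, normally, that uplink).
    Returns (http_status, body_text); raises OSError/HTTPException on failure.
    """
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(
        parts.hostname,
        parts.port or 443,
        timeout=timeout,
        source_address=(source_ip, 0) if source_ip else None,
        context=ssl.create_default_context(),
    )
    try:
        conn.request("GET", parts.path or "/",
                     headers={"User-Agent": "acme-directory-reachability-check"})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()


def probe(url=ACME_DIRECTORY, source_ip=None):
    """Connect, fetch and validate; never raises. Returns (ok, detail)."""
    try:
        status, body = fetch_directory(url, source_ip)
    except (OSError, http.client.HTTPException) as exc:
        # Covers DNS failure, TCP timeout/refusal and TLS verification errors.
        return False, f"connection failed: {type(exc).__name__}: {exc}"
    if status != 200:
        return False, f"HTTP {status}"
    ok, problems = check_directory(body)
    return ok, "directory OK" if ok else "; ".join(problems)


if __name__ == "__main__":
    # Usage: python probe.py [local-source-ip]
    # Run once per uplink (or once per host behind each uplink) and compare.
    src = sys.argv[1] if len(sys.argv) > 1 else None
    ok, detail = probe(source_ip=src)
    print(f"source={src or 'default'} ok={ok} detail={detail}")
    sys.exit(0 if ok else 1)
```

Binding a source address only selects which local address the packets carry; the route they take still follows the host's routing table, so on a host without policy routing for the second uplink it is simpler to run the probe from a machine behind each ISP in turn. A failure reported as a TLS error rather than a timeout points at interception or filtering between the firewall and the ACME server rather than at plain unreachability.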