Welcome to the Let's Encrypt Community, @njohnson01! 
You could put a higher exception in your firewall rules that allows all traffic only to the acme-challenge path for HTTP-01 challenges. Not like you face much, if any, risk from that.
3 Likes