When was your last rebuild? Oh, but this has been going on for a while.
There was something recently about the http port being redirected for .well-known paths, but yours it https. It doesn’t make much sense that it’d be timing out unless the acme process that’s supposed to be listening isn’t for some reason.
I recently worked on the le cert renewal. It is the http to https redirect - acme does not handle being told to redirect well at all and by default attempts to connect on the same protocol (http) as it did when it was setup initially
Recent updates to the let’s encrypt template should fix these renewals going forward.