For the record, I’ve had the same issue and the problem was that I forgot to redirect port 80 to the server.
The DNS check done by discourse-server.sh might be done on port 443 only and did not detect the problem.
But Let’s Encrypt does need the port 80 also open.