for future reference there are a few ports that need to be open for let’s encrypt to work, and it has a very small timeout (as you have found) so if the dns isn’t great it fails. Cloudflare will cache your site/dns so usually works