Self hosted bitwarden - letsencrypt autoupdate failing

I’ve been running bitwarden self hosted on linux for over a year now without issue. I’ve done several updates to the bitwarden software and to the letsencrypt certificate in that time without issue.

Now I’m getting this error when updating:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xxxx
Type: connection
Detail: During secondary validation: x.x.x.x: Fetching http//xxxx/.well-known/acme-challenge/xxxx: Timeout during connect (likely firewall problem)

I know that my FW is configured and working correctly for this update because I’ve done a tcpdump and can see the successfully TCP 3-way handshake initiated from outbound1h-letsencrypt-org to my server. That conversation ends gracefully with a FIN sent by outbound1h-letsencrypt-org then other connections are set up to my server from amazonaws-com. All of which also are successful connections.

Any ideas on what could be going wrong?