In Admin->System Admin->Hostname I put in the hostname that LetsEncrypt was trying to find and voila everything worked.
I had this issue. I could see the request for that URL coming through my pfSense firewall, but it wasn’t coming from a LetsEncrypt mirror.
I tried every iteration of firewall configuration in FreePBX, but that was the final piece needed to make it work.