I just found this out through error and trial.
The LetsEncrypt validation will now come back to you on IPv6 if you have your IPv6 address configured in DNS.
Therefore if you temporarily open your firewall to allow the verification, you need to open both IPv4 and IPv6 firewalls.