LetsEncrypt challenges require that ports 80 and 443 are accessible. Not only do they need to be open in the local firewall, but if you’re using a VPS provider with a separate firewall then ingress rules need to be added to allow those ports too.
Oracle also has extra iptables rules by default that may need removing.