For future uses and changes to the ACME standards, I would recommend both TCP80 and TCP443. HTTP-01 should use TCP80 unless there are redirects causing issues, as we do not follow redirects.
Have you verified your setup and network scheme? Try setting up a separate instance and testing with an open FW, then continue to enable FW rules.
Is it the FW causing issues, or is there an error with the request? Please check the error message received from the server and your client log data. Send the error message received if possible.