Self-hosted setup fails to validate signed LetsEncrypt cert

I'm trying to set up a self-hosted Retool instance and it's failing to sign the SSL certificate. First of all, my server lives at IP address I have a Route53 DNS A-record pointing at that IP address. On the initial launch of the
retool-onpremise_https-portal_1 container, this snippet appears in the logs:

Signing certificates from ...
Parsing account key...
Parsing CSR...
Found domains:
Getting directory...
Directory found!
Registering account...
Creating new order...
Order created!
Traceback (most recent call last):
File "/bin/acme_tiny", line 197, in
File "/bin/acme_tiny", line 193, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,, disable_check=args.disable_check, directory_url=args.directory_url,
File "/bin/acme_tiny", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u''], u'url': u'', u'hostname': u'', u'resolverAddrs': [u'A:10.0 .12.83:26820', u'AAAA:'], u'addressUsed': u'', u'port': u'80'}], u'url': u'https://acme-v02.', u'token': u'a83RT7qeZfs1RKxiNSVGCYb-nGd_NQzMo-TaeW8mih0', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u' Fetching Timeout during connect (likely firewall problem)'}, u'validated': u'2024-03-18T18:46:56Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value':u''}, u'expires': u'2024-03-25T18:46:55Z'}


Failed to sign, is DNS set up properly?

Failed to obtain certs for

I can reproduce that error by exec'ing into the container, opening irb and running these commands:

require '/opt/certs_manager/certs_manager'

In the container, I can successfully curl, as well as from the server and from my desktop, so the validation record is there and being served; it's just failing to validate.

Any idea what's going on? Without a signed and validated cert, Nginx is refusing all connection requests. Relevant settings:

  1. docker-compose.yml STAGE is 'production' in https-portal's environment.
  2. docker.env has COOKIE_INSECURE=true and a valid LICENSE_KEY.
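
For triaging a failure like the one in the log above, here is an added example (not part of the original post, and not code from Retool, https-portal or acme_tiny) that parses the authorization object printed in the `ValueError` and reports the ACME error kind and the address and port the CA tried to reach. The hostname and IP in the sample are constructed placeholders, and `failed_challenges` is a hypothetical helper name.

```python
import ast

# Error types from RFC 8555 section 6.7, with the RFC's own descriptions.
ACME_ERRORS = {
    "connection": "The server could not connect to validation target",
    "dns": "There was a problem with a DNS query during identifier validation",
    "tls": "The server received a TLS error during validation",
    "unauthorized": "The client lacks sufficient authorization",
}

# Constructed sample in acme_tiny's Python 2 repr style; hostname and IP are placeholders.
SAMPLE = (
    "Challenge did not pass for retool.example.com: {u'status': u'invalid', "
    "u'challenges': [{u'status': u'invalid', u'type': u'http-01', "
    "u'validationRecord': [{u'hostname': u'retool.example.com', u'port': u'80', "
    "u'addressUsed': u'203.0.113.10'}], u'error': {u'status': 400, "
    "u'type': u'urn:ietf:params:acme:error:connection', "
    "u'detail': u'Timeout during connect (likely firewall problem)'}}], "
    "u'identifier': {u'type': u'dns', u'value': u'retool.example.com'}}"
)


def failed_challenges(message):
    """Return one finding per validation attempt of each invalid challenge."""
    # The authorization object starts at the first '{'; u'' literals parse on Python 3.
    authz = ast.literal_eval(message[message.index("{"):])
    findings = []
    for challenge in authz.get("challenges", []):
        error = challenge.get("error")
        if challenge.get("status") != "invalid" or not error:
            continue
        kind = error.get("type", "").rsplit(":", 1)[-1]
        # validationRecord lists where the CA itself tried to connect, from outside.
        for record in challenge.get("validationRecord") or [{}]:
            findings.append({
                "challenge": challenge.get("type"),
                "kind": kind,
                "meaning": ACME_ERRORS.get(kind, "see RFC 8555 section 6.7"),
                "target": "{0}:{1}".format(record.get("addressUsed"), record.get("port")),
                "detail": error.get("detail", "").strip(),
            })
    return findings


if __name__ == "__main__":
    for finding in failed_challenges(SAMPLE):
        print(finding)
```

A `connection` finding for an `http-01` challenge points at inbound reachability of the listed address on port 80 from the CA's network, which a curl from inside the container or from the host itself does not exercise.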