Had something similar. Caused by the fact that my box had an IPv6 address but was not reachable over IPv6 due to a router configuration error. Lets Encrypt tries ipv6 first and due to some recent bug in their software they did not try ipv4 when ipv6 timed out. Making my box available over ipv6 (correcting the router config) solved it for me.
I use MIAB in an unrecommended way, on its own discrete Linux box behind a router and a firewall. In that setup the box had a valid ipv6 address that it also advertised in its dns. However, due to a problem in the setup of my network the box was not actually reachable over ipv6. Ipv6 packets from outside did not reach it.