I am a little slow today, so correct me if I am wrong.
Are you trying to renew LE certs and IPFire is blocking the requests?
Did you check Suricata log if anything is triggering IPS? Could be something like an ET INFO for a cert for a suspicious TLD etc…
Is the DNS API for your hosting company not working ?
I read someone having similar issues with LE
He switched to ZeroSSL. and using one of the ACME sh scripts everything worked fine.
something like this
I did notice there are more Suricata rules that block ZeroSSL, then Letsencrypt.
I read your other HAProxy post
When you got a minute could you elaborate on your HAProxy setup.?
Sounds like an ultimate setup for intrusion prevention.