Found this happening in my new mailcow installation and could reproduce following the steps here https://docs.mailcow.email/post_installation/firststeps-ssl/#lets-encrypt-out-of-the-box to re-run the ACME plugin. Found lots of others complaining about this and recommendations to disable IP and HTTP checks.
Don’t do that! Instead fix your NAT reflection rules so that your containers can talk to your external IP address. With OPNsense I had to enable “Reflection for port forwards” AND “Automatic outbound NAT for Reflection.”
YMMV