Unfortunately we neglected to test enabling Let’s Encrypt on an already provisioned server which is the problem here I think.
We create some Nginx site configs for Let’s Encrypt “challenges”. I’m guessing these conflict with your existing WP site Nginx conf. If you want to do a little manual work and can stand a few minutes of downtime, you can remove the symlink for your WP site conf in /etc/nginx/sites-enabled.
Then re-run the provisioning process and it may all work.
Actually one easier you could try is swapping the order of these two roles: https://github.com/roots/trellis/blob/76cad9dacc5f4ed84701feeef163c724658be95d/server.yml#L31-L32
Putting letsencrypt last could work too.