So you’re using multisite with domain mapping? That’s a pretty important detail you left out.
Please check this thread: Let's Encrypt issue when adding new domain to multisite
Also, can we see your wordpress_sites.yml? You can mask domain names if you like.