...
However, Let's Encrypt only needs to be able to access the /.well-known/acme-challenge/ path. You can configure your firewall to block access to everything else, if you want.
Finally, you should To check if or not port 80 is open Navigate to the Internet, navigate to http://your-dualshield-fqdn/cert/hello
...