Certbot Renewal Error

When I started my home lab I wanted to make sure that I had real SSL certificates signed by a trusted authority. I ended up going with Let's Encrypt and set up certbot to maintain the certificates; it worked well and auto-renew ran without a problem. After some software updates on my server I noticed that the certbot logs were showing that it was unable to verify the certificates. I ran a manual test of the renewal using the command certbot renew --dry-run and kept getting the below error.

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: www.wr-mem.net
  Type:   connection
  Detail: 144.6.107.181: Fetching http://www.wr-mem.net/.well-known/acme-challenge/c8gFaHlMeiNtiFl_j7pFb9s2G5jj97G7qjWkSJI05lY: Connection reset by peer

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate www.wr-mem.net with error: Some challenges have failed.

I started googling and trying a number of fixes that people posted about Apache config files etc. and was about to completely rebuild my certbot install, but thought okay, let's do a packet capture on the firewall. And there it was. I'd spent hours on this and it turns out the fix was to allow acme-protocol on my Palo Alto (PA) firewall. Once I'd allowed that, everything worked perfectly. Hopefully if anyone else is having this issue and has a PA firewall, it might save them several hours of googling.
