• 0 Posts
  • 4 Comments
Joined 3 years ago
Cake day: June 14th, 2023

  • So I am pretty sure that error is happening because certbot can’t retrieve the certificate which is coming from that API no matter what type of challenge you are using (this is what ACME is).

    Now when you say you are blocking inbound traffic, have you made an exception for established outbound session return traffic? If not then your inbound rule will block all traffic because without that exception the explicit deny will typically override any session/stateful based rules your firewall might have by default (this applies to most firewall vendors I have run into).

    That said, I’m not sure what your goal is but blocking outbound traffic to those ASNs might be more effective for you anyway because your firewall should already be dropping any inbound traffic that isn’t otherwise allowed so I’m not sure blocking inbound traffic really gains you anything but I’m just guessing. Hope that all makes sense!
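
The rule ordering discussed in the comment above, as an added example that is not part of the original comment. It assumes an nftables firewall (the comment names no firewall), and the set name, prefixes and allowed ports are constructed placeholders.

```nftables
# Constructed example: the prefixes are RFC 5737 documentation ranges standing
# in for the prefixes announced by the blocked ASNs.
table inet filter {
    set blocked_asn_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.0/24 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept

        # Return traffic for sessions this host opened (for example certbot's
        # HTTPS requests to the ACME API) is accepted BEFORE the blocklist.
        ct state established,related accept
        ct state invalid drop

        # Weak ordering: with this drop placed above the ct state rule,
        # replies from an endpoint inside a blocked prefix are discarded and
        # the outbound session never completes.
        ip saddr @blocked_asn_v4 drop

        # New inbound connections that are explicitly allowed (assumed services).
        tcp dport { 80, 443 } accept
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # Outbound block: stops this host from initiating sessions to the
        # blocked prefixes. If a needed API lives in one of them, requests to
        # it fail here regardless of the input chain.
        ip daddr @blocked_asn_v4 reject
    }
}
```

With `policy drop` on the input chain, unsolicited inbound packets from the blocked prefixes are already dropped by default, so the explicit `ip saddr` rule only matters for ports that are otherwise open.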



  • I am in the same boat, long time infrastructure automation engineer as well. Sometimes it’s faster to explain how Terraform or whatever needs to act and then fix the issues rather than having to sift through the docs for every provider.

    I also do a similar thing to you with code, I also have to read a lot of other people’s code in languages I don’t know to help troubleshoot things and while I can usually follow the logic it is such a time saver to have AI to read the docs for the libraries and languages for me to at least find the part of the docs I need to read faster than searching myself.

    Overall, I also agree with the sentiment on AI most of the time and all of its criticisms are definitely valid but I think too many people try to use AI to do their work for them instead of using it more like a rubber duck you can program with normal language.