I have many sites with LE certificates and have no issues.
Is it possible that there are some other devices (Firewalls) in between the CMK instance and the tested web service?
It would be strange if there is only SSL inspection from time to time but it could be possible.
If you receive the error message and check the chain with openssl from inside the CMK instance, what do you see there?