I am also confronted with Error 522 messages. Increasingly. I do not use Let’s Encrypt but flexible SSL provided by Cloudflare.
From my server side it looks ok. No load. Empty logs. When I do a traceroute on the sever IP it connects immediately. Not so when tracerouting the full domain name. Traceroute doesn’t go beyond the Cloudflare network. Traceroute also warns that my domain name has mutliple addresses. This may be due how the Cloudflare DNS proxy is structured. When I switch my Cloudflare DNS to ‘DNS only’ I can reach the site, without SSL, which of course defeats my purpose of using Cloudflare in the first place!!. From this I am pretty convinced the 522 issue is with Cloudflare, not with my ISP, hosting company, or server setup. I have been using the same setup for years now, and only recently the 522 error reared its ugly head.