Acme says VerifyError:Timeout even though port 443 is open

You were right I had the wrong port open in iptables.

HOWEVER, I’ve fixed that and confirmed that I startup a nc server on 443 and connect to it with nc from an external host. Now I get the following (from the s_server startup):

...
[Sun Mar  1 19:22:39 EST 2020] Le_Listen_V4
[Sun Mar  1 19:22:39 EST 2020] Le_Listen_V6
[Sun Mar  1 19:22:39 EST 2020] openssl s_server -www -cert /root/.acme.sh/smtp.jhmg.net/tls.validation.cert  -key /root/.acme.sh/smtp.jhmg.net/tls.validation.key  -accept 443 -alpn acme-tls/1
[Sun Mar  1 19:22:40 EST 2020] serverproc='1135'
[Sun Mar  1 19:22:40 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:40 EST 2020] payload='{}'
[Sun Mar  1 19:22:40 EST 2020] POST
[Sun Mar  1 19:22:40 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:40 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 19:22:41 EST 2020] _ret='0'
[Sun Mar  1 19:22:41 EST 2020] code='200'
[Sun Mar  1 19:22:41 EST 2020] trigger validation code: 200
[Sun Mar  1 19:22:41 EST 2020] sleep 2 secs to verify
[Sun Mar  1 19:22:43 EST 2020] checking
[Sun Mar  1 19:22:43 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] payload
[Sun Mar  1 19:22:43 EST 2020] POST
[Sun Mar  1 19:22:43 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 19:22:43 EST 2020] _ret='0'
[Sun Mar  1 19:22:43 EST 2020] code='200'
[Sun Mar  1 19:22:43 EST 2020] smtp.jhmg.net:Verify error:Connection refused
[Sun Mar  1 19:22:43 EST 2020] Skip for removelevel:
[Sun Mar  1 19:22:43 EST 2020] pid='1135'
/root/.acme.sh/acme.sh: line 2264: kill: (1135) - No such process
[Sun Mar  1 19:22:43 EST 2020] No need to restore nginx, skip.
[Sun Mar  1 19:22:43 EST 2020] _clearupdns
[Sun Mar  1 19:22:43 EST 2020] dns_entries
[Sun Mar  1 19:22:43 EST 2020] skip dns.
[Sun Mar  1 19:22:43 EST 2020] _on_issue_err
[Sun Mar  1 19:22:43 EST 2020] Please add '--debug' or '--log' to check more details.
[Sun Mar  1 19:22:43 EST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Mar  1 19:22:43 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] payload='{}'
[Sun Mar  1 19:22:43 EST 2020] POST
[Sun Mar  1 19:22:43 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 19:22:44 EST 2020] _ret='0'
[Sun Mar  1 19:22:44 EST 2020] code='400'
[Sun Mar  1 19:22:44 EST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.3 on Jan 29 2014 05:22:25
   running on Linux version #1 SMP Tue Jun 19 21:26:04 UTC 2018, release 2.6.32-754.el6.x86_64, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #define WITH_READLINE 1
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #undef WITH_LIBWRAP
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/