You were right, I had the wrong port open in iptables.
HOWEVER, I've fixed that and confirmed that I can start up an nc
server on 443 and connect to it with nc
from an external host. Now I get the following (from the s_server startup):
...
[Sun Mar 1 19:22:39 EST 2020] Le_Listen_V4
[Sun Mar 1 19:22:39 EST 2020] Le_Listen_V6
[Sun Mar 1 19:22:39 EST 2020] openssl s_server -www -cert /root/.acme.sh/smtp.jhmg.net/tls.validation.cert -key /root/.acme.sh/smtp.jhmg.net/tls.validation.key -accept 443 -alpn acme-tls/1
[Sun Mar 1 19:22:40 EST 2020] serverproc='1135'
[Sun Mar 1 19:22:40 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar 1 19:22:40 EST 2020] payload='{}'
[Sun Mar 1 19:22:40 EST 2020] POST
[Sun Mar 1 19:22:40 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar 1 19:22:40 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 1 19:22:41 EST 2020] _ret='0'
[Sun Mar 1 19:22:41 EST 2020] code='200'
[Sun Mar 1 19:22:41 EST 2020] trigger validation code: 200
[Sun Mar 1 19:22:41 EST 2020] sleep 2 secs to verify
[Sun Mar 1 19:22:43 EST 2020] checking
[Sun Mar 1 19:22:43 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar 1 19:22:43 EST 2020] payload
[Sun Mar 1 19:22:43 EST 2020] POST
[Sun Mar 1 19:22:43 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar 1 19:22:43 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 1 19:22:43 EST 2020] _ret='0'
[Sun Mar 1 19:22:43 EST 2020] code='200'
[Sun Mar 1 19:22:43 EST 2020] smtp.jhmg.net:Verify error:Connection refused
[Sun Mar 1 19:22:43 EST 2020] Skip for removelevel:
[Sun Mar 1 19:22:43 EST 2020] pid='1135'
/root/.acme.sh/acme.sh: line 2264: kill: (1135) - No such process
[Sun Mar 1 19:22:43 EST 2020] No need to restore nginx, skip.
[Sun Mar 1 19:22:43 EST 2020] _clearupdns
[Sun Mar 1 19:22:43 EST 2020] dns_entries
[Sun Mar 1 19:22:43 EST 2020] skip dns.
[Sun Mar 1 19:22:43 EST 2020] _on_issue_err
[Sun Mar 1 19:22:43 EST 2020] Please add '--debug' or '--log' to check more details.
[Sun Mar 1 19:22:43 EST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Mar 1 19:22:43 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar 1 19:22:43 EST 2020] payload='{}'
[Sun Mar 1 19:22:43 EST 2020] POST
[Sun Mar 1 19:22:43 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar 1 19:22:43 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 1 19:22:44 EST 2020] _ret='0'
[Sun Mar 1 19:22:44 EST 2020] code='400'
[Sun Mar 1 19:22:44 EST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.3 on Jan 29 2014 05:22:25
running on Linux version #1 SMP Tue Jun 19 21:26:04 UTC 2018, release 2.6.32-754.el6.x86_64, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#define WITH_READLINE 1
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#undef WITH_LIBWRAP
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /*debug*/
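A plain nc listener only proves that TCP port 443 is reachable. A TLS-ALPN-01 validator needs more than that: it must complete a TLS handshake against the listener, send the domain as SNI, and have the server negotiate the ALPN protocol acme-tls/1. In the log above, acme.sh records serverproc='1135' for the openssl s_server it launched, then reports "Verify error: Connection refused" and "kill: (1135) - No such process", so the listener had already exited before the check ran. The OpenSSL build listed under "Diagnosis versions" is 1.0.1e; ALPN support, and with it the s_server -alpn option, arrived in OpenSSL 1.0.2, which is consistent with the process being gone. The script below is an added preflight probe, not part of acme.sh or of the original comment: it distinguishes "port refused", "TCP open but no TLS" (what an nc -l listener gives you) and "TLS up but ALPN not negotiated" from a working acme-tls/1 endpoint. Hostnames and ports are assumptions; the helper that fakes an nc-style listener is constructed for local testing only.

```python
"""Preflight probe for a TLS-ALPN-01 listener (added diagnostic, not acme.sh code)."""
import socket
import ssl
import sys
import threading
from dataclasses import dataclass
from typing import Optional

ACME_ALPN = "acme-tls/1"   # ALPN id the ACME validator requests (RFC 8737)


@dataclass
class ProbeResult:
    # "refused" | "timeout" | "tls_failed" | "alpn_missing" | "ok"
    status: str
    detail: str = ""
    alpn: Optional[str] = None


def probe_tls_alpn(host: str, port: int = 443, sni: Optional[str] = None,
                   alpn: str = ACME_ALPN, timeout: float = 5.0) -> ProbeResult:
    """Connect like a validator would: TCP, then TLS with SNI and ALPN offered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    # The TLS-ALPN-01 validation cert is self-signed by design, so we do not
    # verify the chain here; we only care that the handshake completes.
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols([alpn])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
                negotiated = tls.selected_alpn_protocol()
                if negotiated != alpn:
                    return ProbeResult("alpn_missing",
                                       f"server negotiated {negotiated!r}", negotiated)
                return ProbeResult("ok", tls.version() or "", negotiated)
    except ConnectionRefusedError as exc:          # nothing listening at all
        return ProbeResult("refused", str(exc))
    except socket.timeout as exc:                  # filtered by a firewall, or blackholed
        return ProbeResult("timeout", str(exc))
    except (ssl.SSLError, OSError) as exc:         # TCP answered but TLS never completed
        return ProbeResult("tls_failed", str(exc))


def start_plain_tcp_listener() -> int:
    """Constructed test double for `nc -l`: accept one TCP connection, read, close.

    Returns the ephemeral port it listens on. It never speaks TLS, which is
    exactly why an nc-based reachability check is not a validation check.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        try:
            conn.recv(4096)          # swallow the ClientHello
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port() -> int:
    """Constructed helper: find a local port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Usage: python probe.py smtp.jhmg.net   (domain taken from the log above)
    target = sys.argv[1] if len(sys.argv) > 1 else "smtp.jhmg.net"
    result = probe_tls_alpn(target)
    print(f"{target}:443 -> {result.status} {result.detail}")
```

Run it from an external host while the s_server (or whatever answers the challenge) is up: "refused" matches the acme.sh error above and means nothing is bound to 443 at that moment; "tls_failed" means a TCP service answered but is not a TLS listener; "alpn_missing" means TLS works but the server did not select acme-tls/1, which the validator treats as a failure; only "ok" corresponds to what the CA expects to see.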