The --webroot parameter tells acme.sh where the root folder is for that FQDN.
You should place a test text file there to ensure it matches and the test file can be accessed form the Internet.
Connection refused should have nothing to do with acme.sh (when not run in --standalone mode).
The web server or the firewall/router may be blocking those incoming connections.
Here, also, you need to ensure the Internet can reach your site before running any ACME client.
My mistake. You are 100% correct. The server was not responding. My impression was the file was not being created, tripping up the server. But this suggests the file was being created, but then deleted, so I wasn't seeing it. Does that sound correct?
And completely off this exact topic but related to your request.
Any use of other peoples domains (without prior consent) amounts to domain spoofing.
Sure, they set themselves up for this when they provided you with an IP and a working for and reverse DNS entry.
But you must understand that they can change the rDNS record at any time and also the forward DNS record.
So you should be using a domain name under your control (or an FQDN from a domain that has given you their consent to use - like with DDNS service providers).
RE "Domain under my control": Yes is a test environment and yes, it's a domain provided by the hosting company. Wasn't going to be used in production, but always good to be thinking this stuff through.
RE: "files are cleaned up after each use": Thanks. It was my server code was the cause of the error. Not finding the leftover file made me think it hadn't gotten written in the first place.