Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
You have a firewall or similar device blocking the first request from a specific IP. Let's Encrypt servers use a variety of IP addresses so they are being blocked.
Let me explain as I can reproduce this from my own test server. My first request from a fresh IP address to your domain failed with "reset by peer". A request right after succeeded. But, if I waited several minutes I again got a "reset by peer". This pattern repeats.
We have seen this before and I don't have a good suggestion. It is likely a problem with your ISP network routing or some firewall device.
You should consider using a DNS Challenge instead. Or, correct the network or firewall problem causing the "reset by peer".
Here is sample
# Works (I made a previous attempt which got "reset by peer")
date: Thu Feb 8 03:33:49 UTC 2024
curl -i http://medical.ssbmm.org
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 08 Feb 2024 03:33:53 GMT
X-Powered-By: ASP.NET
(data omitted)
# Fails 8 minutes later
date: Thu Feb 8 03:41:52 UTC 2024
curl -i http://medical.ssbmm.org
curl: (56) Recv failure: Connection reset by peer
# Works right after
date: Thu Feb 8 03:41:59 UTC 2024
curl -i http://medical.ssbmm.org
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 08 Feb 2024 03:42:01 GMT