OK, I learned how to do the packet dump.
tcpdump -s0 port 80 > /root/tcpdump.txt
It produced hundreds of lines that contain letsencrypt.org. I removed all the other lines. I’m certain this dump contains all the activity for just 1 validation event. I verified that my script does NOT repeat this action when it fails. Any repetition should be internal to certbot behavior in this dump.
This forum doesn’t allow me to upload files as a new user. I have posted it in plain text on my web site:
I was able to renew successfully like 80% of the time right now, which was annoying since I wanted it to fail in this case.
I do have tweaks in my Linux /etc/sysctl.conf file to protect and improve performance under load. I tried removing/changing some of those values today too, but it didn’t make the problem stop, and it hasn’t been a problem with other normal internet robots/users to have the configuration I do. I’m just mentioning it, since you are talking about SYN, and Linux can protect against some bad packet behavior automatically, like SYN flood or slow packets. I wouldn’t know if you have a system that skips or does the sequence of packets wrong.
Just to be clear, I don’t know enough to be able to interpret what I’m sending you in this dump. I’m not saying that the dump indicates a problem. I’m just providing what was requested to be helpful.
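As an added example (not part of the original post and not the poster's script), here is one way to read a text dump like the one produced by the tcpdump command above and check whether each validator connection actually completed the TCP handshake, or only retried SYN without ever getting a SYN-ACK back, which is the symptom a SYN-flood guard in sysctl.conf could produce. The sample dump and its addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Default tcpdump text line for a TCP segment (timestamp, endpoints, flags).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample: one validator (198.51.100.7) completes the handshake and
# fetches the challenge; another (198.51.100.9) retransmits SYN three times and
# never receives a SYN-ACK. Addresses are documentation ranges, not real ones.
SAMPLE_DUMP = """\
12:00:01.000100 IP 198.51.100.7.41234 > 203.0.113.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 203.0.113.5.80 > 198.51.100.7.41234: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000300 IP 198.51.100.7.41234 > 203.0.113.5.80: Flags [.], ack 10, win 502, length 0
12:00:01.000400 IP 198.51.100.7.41234 > 203.0.113.5.80: Flags [P.], seq 2:120, ack 10, win 502, length 118: HTTP: GET /.well-known/acme-challenge/TOKEN HTTP/1.1
12:00:02.000100 IP 198.51.100.9.51000 > 203.0.113.5.80: Flags [S], seq 5, win 64240, length 0
12:00:03.000100 IP 198.51.100.9.51000 > 203.0.113.5.80: Flags [S], seq 5, win 64240, length 0
12:00:05.000100 IP 198.51.100.9.51000 > 203.0.113.5.80: Flags [S], seq 5, win 64240, length 0
"""

def parse_tcp_lines(text):
    """Yield (client, direction, flags); the port-80 side is the server."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP, non-TCP or truncated lines are skipped
        if int(m["dport"]) == 80:
            yield (m["src"], int(m["sport"])), "in", m["flags"]
        else:
            yield (m["dst"], int(m["dport"])), "out", m["flags"]

def handshake_report(text):
    """Per client (ip, port): SYNs seen, SYN-ACKs we sent, handshake completed."""
    report = defaultdict(lambda: {"syn": 0, "synack": 0, "complete": False})
    for client, direction, flags in parse_tcp_lines(text):
        e = report[client]
        if direction == "in" and flags == "S":
            e["syn"] += 1
        elif direction == "out" and flags == "S.":
            e["synack"] += 1
        elif direction == "in" and e["synack"] and flags in (".", "P."):
            e["complete"] = True  # client ACKed our SYN-ACK
    return dict(report)

def half_open_clients(text):
    """Clients that retried SYN without ever completing the handshake."""
    return sorted(c for c, e in handshake_report(text).items()
                  if e["syn"] > 1 and not e["complete"])
```

Run `handshake_report(open("/root/tcpdump.txt").read())` on a real dump to see, per validator connection, whether the server ever answered the SYN; a client that only shows repeated SYNs points at the host dropping the handshake rather than at certbot.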