Forum OpenACS Q&A: Re: Trying to get https working with letsencrypt certs...

This indeed looks strange. Just now, I have refreshed the certificate on openacs.org via letsencrypt.tcl, and everything went as expected (see log below). Maybe you were unlucky, and the service was down at this time. One can check the availability of the API with https://letsencrypt.status.io/.

Concerning the error message: The only place in NaviServer to return a "can't connect" error message is the following statement:

        Ns_TclPrintfResult(interp, "can't connect to %s port %hu: %s",
                           host, portNr,
                           (Tcl_GetErrno() != 0) ?  Tcl_PosixError(interp) : "reason unknown");

You see, it gets its error information from Tcl. So far, I had no indication that this is unreliable.

-gn

Output from letsencrypt.tcl:

Obtaining a certificate from Let's Encrypt using the Production API:

Let's Encrypt URLs:

   https://acme-v01.api.letsencrypt.org/acme/key-change
   https://acme-v01.api.letsencrypt.org/acme/new-authz
   https://acme-v01.api.letsencrypt.org/acme/new-cert
   https://acme-v01.api.letsencrypt.org/acme/new-reg
   https://acme-v01.api.letsencrypt.org/acme/revoke-cert

Reuse existing account registration at Let's Encrypt

Authorizing account for domain openacs.org... returned HTTP status 201
... getting HTTP challenge... returned HTTP status 202
... validating the challenge... status: pending
... retry after one second... status: pending
... retry after one second... status: valid

...