diff --git a/acme/autocert/renewal_test.go b/acme/autocert/renewal_test.go
index ffe4af2a5c..460a384255 100644
--- a/acme/autocert/renewal_test.go
+++ b/acme/autocert/renewal_test.go
@@ -8,6 +8,7 @@ import (
 	"context"
 	"crypto"
 	"crypto/ecdsa"
+	"runtime"
 	"testing"
 	"time"
 
@@ -42,6 +43,15 @@ func TestRenewalNext(t *testing.T) {
 }
 
 func TestRenewFromCache(t *testing.T) {
+	if runtime.GOOS == "windows" && runtime.GOARCH == "arm64" {
+		// This test was observed to fail frequently in Dial with "connectex: No
+		// connection could be made because the target machine actively refused it."
+		//
+		// Failures started around CL 381715, so it looks to me (bcmills) like an
+		// undiagnosed bug in (or exposed by) acmetest.CAServer.
+		t.Skipf("skipping test on windows/arm64: see https://go.dev/issue/51080")
+	}
+
 	man := testManager(t)
 	man.RenewBefore = 24 * time.Hour
 
@@ -127,6 +137,15 @@ func TestRenewFromCache(t *testing.T) {
 }
 
 func TestRenewFromCacheAlreadyRenewed(t *testing.T) {
+	if runtime.GOOS == "windows" && runtime.GOARCH == "arm64" {
+		// This test was observed to fail frequently in Dial with "connectex: No
+		// connection could be made because the target machine actively refused it."
+		//
+		// Failures started around CL 381715, so it looks to me (bcmills) like an
+		// undiagnosed bug in (or exposed by) acmetest.CAServer.
+		t.Skipf("skipping test on windows/arm64: see https://go.dev/issue/51080")
+	}
+
 	ca := acmetest.NewCAServer(t).Start()
 	man := testManager(t)
 	man.RenewBefore = 24 * time.Hour