my --standalone request was failing with could not connect to server errors.
I mascaraed port 80 to port 4001 so that I can run my server on 4001 without running the server as root. (I’m running straight node.js)
Redirect port 80 to port 4001 so that node.js server can run in unprivileged
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 4001
Letsencrypt worked find after I turned this off. Hopefully this will help others as it took me a while to figure out.
It might be helpful if letsencrypt had an option to specify the local port # to run on. This would enable running the script without root privilege.