Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for fulton.geek.nz
Cleaning up challenges
Attempting to renew cert (fulton.geek.nz) from /etc/letsencrypt/renewal/fulton.geek.nz.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
Since apache is running on the box it is not surprising that certbot fails to bind to port 443.
you said that you've switched over to using --standalone. Certbot remembers what method you used to obtain your certificate and uses that same method during renewals.
A prerequisite for using --standalone is not having an existing process running that uses the port that you need for your authentication. (--apache, which you had trouble with earlier, does not have this restriction.) While Certbot doesn't inherently know how to stop and restart the existing process, there are --pre-hook and --post-hook options that you can use to tell it how to do so.