Here’s what’s going on with the messages in Certbot’s logs about failing to bind to port 80 using IPv4. To automatically handle IPv4 and IPv6 traffic on most systems, Certbot’s standalone plugin first attempts to bind to the port for all interfaces using IPv6 and then bind to the port using IPv4. On most Linux systems, binding using IPv4 fails as IPv4 traffic is routed to the IPv6 port, but since this isn’t the case on all systems like the BSDs, Certbot tries with both protocols and continues execution if at most one fails.
In your most recent log, Certbot served a response for the challenge as seen by these lines:
2017-11-27 16:53:01,529:DEBUG:acme.standalone:::ffff:22.0.0.7 - - Incoming request
2017-11-27 16:53:01,755:DEBUG:acme.standalone:::ffff:22.0.0.7 - - Serving HTTP01 with token u'bQi6-UqmyQoBrt0s4Svj-Q5b6vN-1HwCwo_toG3ad-M'
2017-11-27 16:53:01,755:DEBUG:acme.standalone:::ffff:22.0.0.7 - - "GET /.well-known/acme-challenge/bQi6-UqmyQoBrt0s4Svj-Q5b6vN-1HwCwo_toG3ad-M HTTP/1.1" 200 -
2017-11-27 16:53:01,755:DEBUG:acme.standalone:::ffff:22.0.0.7 - - Incoming request
but Let’s Encrypt timed out before it got the response.
Using our webroot plugin may be a better option for you, but if you want to continue debugging this method, you can add --debug-challenges --verbose to the command line. After doing this, Certbot should stop after output like:
{
  "identifier": {
    "type": "dns",
    "value": "example.org"
  },
  "status": "pending",
  "expires": "2017-12-04T21:18:03.015476576Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/re0muu91OzyKZBSSrTyqXG7-NYeoRYK0jdQBPl1y63M/79617545",
      "token": "Sqpy9TK5O1tmkuHgo2rI11boXZg7fkMRp_b2FWFToBM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/re0muu91OzyKZBSSrTyqXG7-NYeoRYK0jdQBPl1y63M/79617546",
      "token": "dQeXxJiSeD60HSevSdkYVRHnAboPksEclEymGBV3QvU"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/re0muu91OzyKZBSSrTyqXG7-NYeoRYK0jdQBPl1y63M/79617547",
      "token": "NpQjL8B6JmVDyz-fOAUP-yr-xKIX6U35qDPu_1MU0WA"
    }
  ],
  "combinations": [
    [2],
    [0],
    [1]
  ]
}
Storing nonce: vb9HxDgYlqCpBmwcpX0sNuTnTTy2u208mp9Kje2t8Os
Performing the following challenges:
http-01 challenge for example.org
Failed to bind to 0:80 using IPv6
Waiting for verification...
-------------------------------------------------------------------------------
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
-------------------------------------------------------------------------------
Press Enter to Continue
At this point, Certbot has deployed the challenge but is waiting for further input from you to continue.
You can now check yourself that the challenge is being served. The URL to check is:
http://<your domain>/.well-known/acme-challenge/<token>
where <your domain> is the domain you gave to Certbot and <token> is the value of token for the http-01 challenge in Certbot’s output. In the output I provided above, this value is NpQjL8B6JmVDyz-fOAUP-yr-xKIX6U35qDPu_1MU0WA. If you request this URL, you should get a 200 response and a short base64 string.
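The bind order described in the first paragraph of this reply, as an added Python example that is not part of the original post and is not Certbot's own code: bind all interfaces over IPv6, then IPv4, and carry on if at most one fails. The names `bind_dual_stack` and `ipv4_client_peer` are hypothetical, and port 0 (any free port) stands in for port 80 so it runs without root. On a host where the IPv6 socket also takes IPv4 traffic, the IPv4 client is reported as `::ffff:127.0.0.1`, the same address form as `::ffff:22.0.0.7` in the log lines above.

```python
import errno
import select
import socket


def bind_dual_stack(port=0):
    """Bind all interfaces over IPv6, then IPv4; tolerate one failure.

    Returns (sockets, failures), both keyed by "IPv6"/"IPv4".
    Raises OSError only if neither family could be bound.
    """
    sockets, failures = {}, {}
    for name, family, addr in (("IPv6", socket.AF_INET6, "::"),
                               ("IPv4", socket.AF_INET, "0.0.0.0")):
        sock = None
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
            # IPV6_V6ONLY stays at the OS default: that default decides
            # whether the IPv6 socket also receives IPv4 connections.
            sock.bind((addr, port))
            sock.listen(5)
            port = sock.getsockname()[1]  # port=0: reuse the port the OS chose
            sockets[name] = sock
        except OSError as exc:
            failures[name] = exc
            if sock is not None:
                sock.close()
    if not sockets:
        raise OSError(errno.EADDRNOTAVAIL, f"no family could bind: {failures}")
    return sockets, failures


def ipv4_client_peer(sockets):
    """Connect over IPv4 loopback; return (listener family, peer address)."""
    port = next(iter(sockets.values())).getsockname()[1]
    with socket.create_connection(("127.0.0.1", port), timeout=2):
        ready, _, _ = select.select(list(sockets.values()), [], [], 2)
        if not ready:
            return None
        conn, peer = ready[0].accept()
        conn.close()
        name = next(n for n, s in sockets.items() if s is ready[0])
        return name, peer[0]


if __name__ == "__main__":
    socks, fails = bind_dual_stack()  # port 0 = any free port, no root needed
    for name, exc in fails.items():
        print(f"Failed to bind using {name}: {exc.strerror}")
    print("IPv4 client handled by:", ipv4_client_peer(socks))
    for s in socks.values():
        s.close()
```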