Description of problem:
Hello!

I had a hard time renewing my letsencrypt certs today. It turned out to be a combination of things. letsencrypt recently started verifying certificated over ipv6 (awesome). I have been using certbot with the --standalone flag, partly for simplicity (no messing with httpd configs) and partly because I have a few hosts that don't have port 80/443 (XMPP server, for example). I was banging my head for a while trying to figure out why it couldn't connect over v6 to this host because it seemed to work for me otherwise, and I finally thought to check that the client was binding to ipv6 and it wasn't!

Anyways, this was actually recently fixed upstream:

https://github.com/certbot/certbot/issues/1466
https://github.com/certbot/certbot/pull/4773

I'd like to request either a version bump to an upstream release that has that fix, or a backport of the patch if feasible. In the meantime, I will probably just switch to using httpd for verification.


Version-Release number of selected component (if applicable):
certbot-0.14.1-3.fc26.noarch


How reproducible:
Every time.


Steps to Reproduce:
1. Fire up watch on ss -lnp to see the ports that are being used on the host.
2. Use certbot with --standalone to get a cert. You can use the --dry-run flag if you please.


Actual results:
You'll see certbot bind to the ipv4 address, but not the ipv6 address.


Expected results:
It should bind to both v4 and v6.