It would be good to clarify in the LE page that incoming port 80 will be required.
There is now, I think, the https-01 challenge, which can run on port-443.
In general, people might want to prefer opening only port 443 incoming (whether a port-forward on IPv4, or an incoming ACL rule for IPv6). It might also be worth considering if we can use PCP and/or UPnP to open the port.
I would be happy to discuss this further.