Hi David, sorry I may need a little more to go on in order to help. Perhaps you could send your log file through to support at certifytheweb.com?
The http-01 challenge requires port 80 to be open as let’s encrypt will only start with http on port 80 for validation (although it will will redirection to https from there). You should confirm that accessing your site via http on port works externally before proceeding with the http-01 challenge type.
If you are on the latest version and have not disabled the internal http challenge server the default configuration will actually not use IIS at all (although it will create config folders as a fallback) and will instead create a temporary port 80 listener in front of IIS while responding to the http challenge.