To those that might run into this issue in the future, we have figured out the issue.
I wrongfully assumed that we needed to add the web server's IPv6 address to the External Interface of the firewall. This is how we have it set up in the IPv4 list. All of the external IPv4 addresses are in External interface. Well, this is wrong. The web server's IPv6 address does not need to be listed in the interface at all. It only needs to be added as a 'network object' to be referenced by the firewall rule.
So, back to the firewall rule. The ports are still 80, 443. The Source is <any v6>, the Destination is the web server's IPv6 address. The Source zone is External and the Destination zone is internal. This means that any external IPv6 source is directed through the firewall, internally, to the web server's IPv6 address. That's it. Done.