ACME challenges over HTTPS

Consider these 3 bits from the rationale for removing the TLS-SNI-01 Challenge: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure

> However, Frans noticed that at least two large hosting providers combine two properties that together violate the assumptions behind TLS-SNI:

> This issue only affects domain names that use hosting providers with the above combination of properties. It is independent of whether the hosting provider itself acts as an ACME client.

> We have decided to re-enable the TLS-SNI-01 challenge for certain major providers who are known not to have issues while we investigate re-enabling TLS-SNI-01 in general.

Those are essentially the same grounds as described in the pdf @schoen shared, for removing https validation within the http-01 challenge.

While a lot of things mentioned above are technically possible, they cannot be assumed to be relatively secure because of how large numbers of hosting providers have deployed their systems AND because of how large numbers of shared hosting management systems are designed.

Even though they could be potentially remedied in the future, these approaches are guaranteed to be insecure on a large number of domains – and that is the important metric that guides ISRG's decision making.
