Auto-Renew Failing on HTTPS-only Server

For HTTP-01 validation, that's correct.

You may use:

  • TLS-ALPN: Works over port 443, but requires a special kind of webserver (or nginx with the SSL stream preread module compiled); Certbot can't do it for you.
  • DNS-01: Requires the ability for your ACME client to set a TXT record on the domain(s) it's issuing certificates for.
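
A sketch of the nginx stream preread setup mentioned above for TLS-ALPN, as an added example that is not part of the original post. The two backend addresses and ports are assumptions: the regular HTTPS site is taken to be moved to 127.0.0.1:8443, and an ACME client with TLS-ALPN-01 support is taken to answer on 127.0.0.1:10443.

```nginx
# Top-level block in nginx.conf (not inside http {}).
# Requires the stream module and ngx_stream_ssl_preread_module.
stream {
    # Read the ALPN list from the ClientHello without terminating TLS.
    # Validation connections for TLS-ALPN-01 offer the "acme-tls/1" protocol.
    map $ssl_preread_alpn_protocols $tls_backend {
        ~\bacme-tls/1\b  127.0.0.1:10443;  # assumed: ACME client's TLS-ALPN-01 responder
        default          127.0.0.1:8443;   # assumed: the normal HTTPS server, moved off 443
    }

    server {
        listen 443;            # plain TCP here; TLS is terminated by the chosen backend
        ssl_preread on;        # populates $ssl_preread_alpn_protocols
        proxy_pass $tls_backend;
    }
}
```

Port 80 stays closed in this layout. The existing HTTPS `server` blocks have to listen on the second address instead of 443, because the stream listener now owns that port.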