You can read through here for the (very long) story of TLS-SNI: What you need to know about TLS-SNI validation issues
As for why it stopped renewing for you, it's not clear, but if you made any changes with how you terminate SSL, it's possible that it affected Certbot's ability to perform the validation
Using --preferred-challenges http switches Certbot to HTTP validation, which works a bit better and is the default these days.