As others stated, this is not allowed due the RFC and the CA/B Forum Baseline Requirements.
The reason for this, is because there is a known Security Risk. The TLS-SNI-01 method was deprecated in January 2018, and entirely removed in March 2019. See:
- 2018.01.11 Update Regarding ACME TLS-SNI and Shared Hosting Infrastructure
- March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support - #2 by jsha
TLS-ALPN-01 was specifically designed to allow HTTPS only authorization, and works around the known security risks.
The common ways to handle your situation (in descending order or popularlty) are to use HTTP-01 and redirect or proxy the port-80 traffic, utilize DNS-01, or utilize TLS-ALPN-01.