I have (or had) a vhost with an existing TLS certificate. I’ve never bothered setting up a redirect from a regular http request to the https site, the site never ran as a regular http site.
When I tried to get a certificate (certonly --webroot method) i got an authorization error. After setting up a redirect from the http to https it worked fine. Seems like the client should check for an https site if http fails.