That is all perfectly normal and fine.
The problem isn't with the idea; it is with port 80 routing. HTTP requests are not reaching your Apache VirtualHosts for port 80, so they will never redirect from HTTP to HTTPS.
It looks like somewhere port 80 got sent to port 443 in hopes of "redirecting" HTTP to HTTPS. That won't work. Apache needs to see the HTTP request so it can redirect it. The "400" status code says it is not.
You are also using an HTTP Challenge to get the cert so HTTP requests on port 80 need a proper reply.
Not sure what more I can say or how I can say it. I think there is a fundamental flaw in the network config somewhere. We're not a general-purpose server / networking help site, although we often help guide people with common problems. I've done all I can do.
Perhaps someone else will volunteer assistance.
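
The symptom described in the post above can be checked from outside the network. The following is an added example, not part of the original post: it sends one plain-HTTP request to port 80 and classifies the reply. The category names and sample replies are constructed, and the matched text is the error Apache httpd returns when plain HTTP arrives on a TLS listener.

```python
import http.client

# Error text Apache httpd returns when plain HTTP hits a TLS listener.
APACHE_TLS_HINT = "speaking plain http to an ssl-enabled server port"

def classify(status, location, body):
    """Classify what a plain-HTTP request to port 80 actually reached."""
    loc = (location or "").lower()
    if status == 400 and APACHE_TLS_HINT in (body or "").lower():
        return "misrouted-to-tls"      # port 80 was forwarded to the 443 listener
    if status in (301, 302, 307, 308) and loc.startswith("https://"):
        return "redirects-to-https"    # a port-80 VirtualHost saw the request
    if 200 <= status < 300:
        return "served-over-http"      # port 80 answers, no redirect configured
    if status == 400:
        return "bad-request-unknown"   # 400 from something other than Apache TLS
    return "other"

def probe(host, path="/", timeout=5):
    """Send one GET to host:80 over plain HTTP and classify the reply."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read(2048).decode("latin-1", "replace")
        return classify(resp.status, resp.getheader("Location"), body)
    finally:
        conn.close()

# Constructed sample replies (not captured from the poster's server).
SAMPLES = {
    "forwarded 80 -> 443": (400, None,
        "Bad Request. Reason: You're speaking plain HTTP to an "
        "SSL-enabled server port."),
    "working redirect": (301, "https://example.com/", ""),
    "plain site, no redirect": (200, None, "<html>hello</html>"),
}

def classify_samples():
    """Return {label: classification} for the constructed samples."""
    return {name: classify(*reply) for name, reply in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:26s} -> {verdict}")
```

A result of `misrouted-to-tls` means the port-80 VirtualHost never sees the request, so neither the redirect nor the HTTP challenge reply can happen.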