Let's Encrypt ignores HTTPS certificate errors while trying to validate an HTTP-01 challenge, specifically to help handle this kind of case. It may be that dehydrated doesn't understand that though and is attempting to validate the file itself before sending it to Let's Encrypt?
In any event, it's definitely not trying to do DNS authentication, and it may be easier to set that up (especially if you've had that working before) than to try to convince Dehydrated to continue with the expired HTTPS certificate.