HSTS and Let's Encrypt

If you have that redirection in place, Let’s Encrypt will respect it and follow it. This means that you don’t need to disable the redirection to perform certificate renewals with Let’s Encrypt. A setup with HTTP → HTTPS redirection, with or without HSTS, is perfectly fine for Let’s Encrypt.

For the HTTP-01 validation method, Let’s Encrypt will

  • require an initial valid HTTP response on port 80
  • follow any HTTP 301 redirections, to the same or a different host, in either HTTP or HTTPS protocols
  • ignore any mismatched or expired certificates on HTTPS URIs reached as a result of such redirections
  • ignore the presence of HSTS (that is, the validation always starts with HTTP on port 80)
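A dry-run checker that mimics the four behaviours listed above, so you can confirm a redirect-plus-HSTS setup serves a challenge before renewing. This is an added example, not Let's Encrypt's validator or the forum's code; the host `example.test`, the token and the response map are constructed, and the redirect codes it follows (301, 302, 303, 307, 308) are this example's choice.

```python
"""Start on plain HTTP, follow redirects across hosts and schemes, and do not
let TLS errors on redirected HTTPS hops abort the check. Example code."""
import ssl
import urllib.error
import urllib.request
from urllib.parse import urljoin

CHALLENGE_PATH = "/.well-known/acme-challenge/"
REDIRECT_CODES = {301, 302, 303, 307, 308}   # assumption: all common 3xx forms


def urllib_fetch(url):
    """Real fetcher: returns (status, Location header or None, body).
    TLS verification is disabled on purpose: the validator ignores mismatched
    or expired certificates on redirect targets, so this check must too."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None   # surface 3xx as HTTPError so we can record each hop

    opener = urllib.request.build_opener(NoRedirect, urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, None, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""


def follow_challenge(host, token, expected_body, fetch=urllib_fetch, max_hops=10):
    """Begin with http:// on port 80 (HSTS is irrelevant here, just as for the
    validator), follow redirects, and return (ok, list_of_urls_visited)."""
    url = f"http://{host}{CHALLENGE_PATH}{token}"
    chain = [url]
    for _ in range(max_hops):
        status, location, body = fetch(url)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)   # relative Location headers work too
            chain.append(url)
            continue
        return (status == 200 and body.strip() == expected_body), chain
    return False, chain   # redirect loop or too many hops


# Constructed stand-in for a site that redirects HTTP -> HTTPS (no real network).
SAMPLE_SITE = {
    "http://example.test/.well-known/acme-challenge/tok": (301, "https://example.test/.well-known/acme-challenge/tok", ""),
    "https://example.test/.well-known/acme-challenge/tok": (200, None, "tok.thumbprint\n"),
    "http://example.test/.well-known/acme-challenge/loop": (301, "/.well-known/acme-challenge/loop", ""),
}


def fake_fetch(url):
    return SAMPLE_SITE.get(url, (404, None, ""))
```

Run `follow_challenge("your.host", token, expected)` with the default fetcher against a live server to see the exact hop chain the validator would take.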