LE fails to verify a domain - (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain

Redirects should work fine, and IIRC self-signed certificates should also work for http-01.

The only thing I noticed is that your site is currently using a SHA-1 certificate expiring after 2017, which some browser vendors treat as untrusted. I suppose it’s possible that the CA server is refusing to connect because of that, but that’s just a long-shot and I haven’t seen that issue come up before. If nothing else comes up, try using a self-signed SHA-2 certificate instead (I think that’s -sha256 with openssl).
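
As an added example (not part of the original reply), this shell script reports which hash a certificate file is signed with and generates a self-signed SHA-256 replacement using the `-sha256` option mentioned above. The hostname `example.test`, the output file names and the function names are placeholders chosen here.

```shell
#!/bin/sh
# Added example: check a certificate's signature hash and, if needed,
# create a self-signed SHA-256 certificate for testing http-01 validation.
# Hostname, paths and function names are placeholders, not from the thread.

# Print the signature algorithm of a PEM certificate,
# e.g. "sha256WithRSAEncryption" or "sha1WithRSAEncryption".
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed (exit 0) when the algorithm name indicates a SHA-1 signature.
is_sha1() {
    case "$1" in
        sha1*|*SHA1*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Create key.pem and cert.pem in directory $2 for hostname $1.
# -sha256 selects the digest used to sign the certificate;
# -nodes leaves the private key unencrypted so a web server can load it.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 90 \
        -subj "/CN=$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# Usage: sh check-cert.sh /path/to/current-cert.pem [hostname]
if [ -n "${1:-}" ]; then
    alg=$(sig_alg "$1")
    echo "current certificate is signed with: $alg"
    if is_sha1 "$alg"; then
        out=$(mktemp -d)
        make_selfsigned "${2:-example.test}" "$out"
        echo "SHA-256 replacement written to $out ($(sig_alg "$out/cert.pem"))"
    fi
fi
```
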