Isn't this default behaviour for renewal after having Certbot install a cert using --nginx or --apache? As I don't think the default Certbot redirect makes a distinction between http-01 challenge requests and non-http-01 requests with the default redirect.
So that makes me wonder: how can that number of 0.00023 % be so low? That few Certbot users out there?