If I have guessed your domain correctly, the non-www version of your domain is pointing to a different set of IPs to the www version, possibly a URL redirector, that is not compatible with the TLS-SNI challenge.
TLS-SNI has been/is being disabled, please see IMPORTANT: What you need to know about TLS-SNI validation issues
As for what you need to do now, you could try:
certbot renew --preferred-challenges http