Yes, the `--http-01-port` option should tell certbot to listen on a different port (though of course Let’s Encrypt will still connect to port 80 - so you’ll want to have HAProxy listening on port 80, and it can then proxy to certbot on your chosen port).

What plugin(s) are you using?

- If you’re using `--webroot`, I don’t think it supports the `--http-01-port` option; if you want to use a different port you would need to configure a webserver to listen there
- If you’re using `--standalone`, it supports both http-01 and tls-sni-01 so you need to specify which you want it to use with the `--preferred-challenges` option
- If you’re using `--apache` or `--nginx`, they don’t support http-01 yet so you’ll have to try out the new version currently in development, or wait for it to be released

BTW, I don’t mean to discourage you from switching to dns-01 if that seems to be a viable option for you - just describing an alternative in case it’s helpful
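
The HAProxy-in-front-of-certbot arrangement described in this reply, as an added example that is not part of the original post. Port 8888, the domain `example.com`, and the frontend/backend names and addresses are assumptions chosen for illustration.

```haproxy
# Added example (constructed): HAProxy keeps port 80 and forwards only
# ACME http-01 validation requests to certbot's standalone listener.
#
# Certbot is started separately on the assumed port 8888:
#   certbot certonly --standalone --preferred-challenges http \
#       --http-01-port 8888 -d example.com

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    # Let's Encrypt always connects to port 80 for http-01.
    bind :80

    # Match only the challenge path so nothing else reaches certbot.
    acl is_acme path_beg /.well-known/acme-challenge/
    use_backend certbot_standalone if is_acme

    # All other traffic goes to the normal site (assumed backend).
    default_backend web_servers

backend certbot_standalone
    # Only HAProxy needs to reach this port, so 8888 does not have to
    # be opened to the internet in the host firewall.
    # While certbot is not running, challenge requests get a 503.
    server certbot 127.0.0.1:8888

backend web_servers
    # Assumed address of the existing web server.
    server web1 127.0.0.1:8080
```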