It might help the validation process if there was an --expect-https or --cdn type parameter option.
So that when --nginx or --apache installer is used, certbot can be better prepared to handle the inline CDN HTTP>HTTPS redirection and properly serve the actual request heard.