SSL verification for .dev

Boulder ignores certificate validation errors of all kinds when following redirects from HTTP to HTTPS during validation of an HTTP-01 challenge. So for example, if an existing certificate is already expired, that won't be a problem for Boulder's challenge validation.

The "if there is not yet any certificate" problem should usually not arise in most users' configurations because the HTTP → HTTPS redirect should normally be set up after the first certificate has been obtained. (That's what Certbot does, for example—it won't create this redirect until a certificate has already been successfully installed.)

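An added example, not part of the original post and not Boulder's code: a pre-flight check a site operator can run that follows the HTTP-01 challenge URL from port 80 through an HTTP → HTTPS redirect while ignoring certificate errors, as the post describes. The function names, the `fetch` hook, the redirect limit and port rule (taken from Let's Encrypt's published challenge documentation, not from this post), the redirect status codes, and the constructed `SAMPLE` responses are assumptions.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 10          # assumption: limit from Let's Encrypt docs, not the post
REDIRECT_CODES = (301, 302, 303, 307, 308)  # assumption: codes treated as redirects
DEFAULT_PORT = {"http": 80, "https": 443}

def real_fetch(url):
    """One GET, no redirect following. Certificate errors are ignored on HTTPS,
    matching what the post says Boulder does during HTTP-01 validation."""
    u = urlsplit(url)
    if u.scheme == "https":
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # expired/self-signed/mismatched: all accepted
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=10, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=10)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read(4096).decode("utf-8", "replace")
    finally:
        conn.close()

def preflight(domain, token, fetch=real_fetch):
    """Follow the challenge URL from plain HTTP and report every hop."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    hops = [url]
    for _ in range(MAX_REDIRECTS + 1):
        status, location, body = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return {"ok": status == 200, "hops": hops, "status": status, "body": body.strip()}
        url = urljoin(url, location)
        hops.append(url)
        u = urlsplit(url)
        if u.scheme not in DEFAULT_PORT or (u.port or DEFAULT_PORT[u.scheme]) not in (80, 443):
            return {"ok": False, "hops": hops, "reason": "redirect to disallowed scheme or port"}
    return {"ok": False, "hops": hops, "reason": "too many redirects"}

# Constructed responses: port 80 redirects to HTTPS, which serves the challenge body.
BASE = "example.dev/.well-known/acme-challenge/TOKEN"
SAMPLE = {"http://" + BASE: (301, "https://" + BASE, ""),
          "https://" + BASE: (200, None, "TOKEN.THUMBPRINT\n")}

if __name__ == "__main__":
    print(preflight("example.dev", "TOKEN", fetch=SAMPLE.__getitem__))
```

Called with the default `fetch`, a result of `ok: True` on the HTTPS hop means the redirect itself is not what blocks validation, whatever state the certificate on that host is in.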