No, it doesn’t weaken anything, I think; usually you are able to bind to any port <1024 with the same rights needed for 80 and 443.
For some cases it’s a very good solution, but you still have to add a DNS record for every domain. If you do not run your own DNS server, this is often a manual task. Does this record even stay the same over time?
Why not simply skip this step and connect directly to the desired port (<1024)? What if you run something on 80/443 which is not as configurable as your usual apache/nginx/whatever? Ah, I know, stopping the service for some time is such a great idea (not).
80/443 being blocked by some firewall you do not (directly) control may also be valid; some “web hipsters” may forget this, but not everything which uses TLS is a webserver.
Having 80/443 blocked may often be a bit awkward, but I don’t think it is an awkward corner case to not want to stop or reconfigure some unrelated service just to request a certificate. Could you elaborate on how this would compromise security? On this level you could even argue to exclude 80/443, because many web server configurations out there are fairly easy to compromise because of insecure PHP scripts or similar, compared to other usual privileged services.
In the long run the nicest solution would be to have a dedicated port assigned for ACME.