I had the same issue (Ubuntu 14.04). I had 3 different certificates/domains with very similar setups, and one was failing with "Failed authorization procedure" after following the instructions linked from the TLS-SNI-01 email:
I just tried your workaround using the --webroot version, and it worked:
certbot certonly --webroot -w /var/www/foobar/public_html -d domain.com -d www.domain.com
I tried a sudo certbot renew --dry-run again after this, and the error no longer occurs.