It is a response that makes sense, for http-01, with a non proper certificate.
IP based virtualhosts make no sense to me. Unless you're doing hacky stuff listening to different IPs in 127.0.0.0/8 that is. 
Which goes to my first post:
The HTTP challenge request should have been handled then [not redirected to (a non-existent) HTTPS site].
Either/or. Both work.