In the past, Certbot was probably validating using port 443 with the TLS-SNI-01 challenge type. But Let's Encrypt is phasing TLS-SNI-01 out, and Certbot recently switched to prefer using the port 80 HTTP-01 challenge in version 0.28.0 (though it still supports both for now).
1 Like