I don't think there should be a problem there, per
If you redirect everything to HTTPS, an expired certificate shouldn't be an obstacle for HTTP-01 verification as long as the specified webroot does actually otherwise get served successfully by the HTTPS server.
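
A pre-flight check for the situation described above, as an added example that is not part of the original post: it writes a random probe file under the webroot and fetches it starting from plain HTTP, following the redirect to HTTPS without validating the certificate. Skipping certificate validation is an assumption made to match the behaviour the post describes; the function name `webroot_reachable` and the probe file naming are illustrative.

```python
import os
import secrets
import ssl
import sys
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def webroot_reachable(webroot, base_url, timeout=5.0):
    """Write a random probe under <webroot>/.well-known/acme-challenge/ and
    fetch it from base_url (plain http://), following any redirects."""
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16).encode()
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)

    # Assumption: accept any certificate on the HTTPS hop, so an expired one
    # does not fail the probe. Use this context for this diagnostic only.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),  # connect directly, no proxy
        urllib.request.HTTPSHandler(context=ctx),
    )
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
        with opener.open(url, timeout=timeout) as resp:
            # True only if the bytes served are the bytes written to webroot
            return resp.read().strip() == body
    except OSError:  # URLError/HTTPError, timeouts, refused connections
        return False
    finally:
        os.remove(path)


if __name__ == "__main__":
    # usage: python probe.py /var/www/html http://example.com
    ok = webroot_reachable(sys.argv[1], sys.argv[2])
    print("webroot served via redirect chain" if ok else "probe not reachable")
    sys.exit(0 if ok else 1)
```

A `False` result means the redirect target is not serving the specified webroot (or is unreachable), which is the condition the reply says must hold for validation to succeed.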