The “ACME server on non-HTTPS ports” issue is one that’s been extensively discussed on GitHub.
I’d rather not rehash that discussion here because I think the GitHub issue is the best place for it, but you can find that discussion at
In the current implementation the ACME validation must be performed to a web port, even if the certificate is later going to be deployed on a non-web server. (The standalone authenticator listens on port 443; if you have something else listening on that port, you have to shut it down temporarily in order to use the standalone authenticator.)