I'm not sure what this is referring to.
The change affecting you, is that the certificate authority should be able to connect to your server over port 80. Nothing about your existing HTTPS setup is affected.
I am not even convinced that your DDoS reason is a valid complaint against using 80. Certbot would attempt renewal about 60 times across 30 days before a certificate expires. If your port 80 is inaccessible from the wider internet, that many times in a row, I would consider that your server is not actually on the internet.
I have to ask you genuinely - did you try to use HTTP validation in practice? Because it sounds like it would probably work fine, even if it was flakey due to attacks. Certbot does not rely on your server (or the CA) to be "online" at all times.
Yes, the extra complication is regrettable, sorry.