Webroot and https-only server impossible

Hi @tessus,

The way that the TLS-SNI-01 authentication method works is by reconfiguring your web server to serve a custom certificate. This, in turn, can only be done by editing its configuration files and reloading the server.

HTTP-01 is defined by the ACME standard to require HTTP on port 80 (never HTTPS on port 443) for reasons that have to do with the defaults in some shared hosting environments, where the previously-proposed HTTPS-01 authentication method would have allowed some shared hosting users to obtain certificates for other users’ domains. The people defining the standard considered this an unacceptable risk and removed HTTPS-01 from the specification; HTTP-01 isn’t believed to have this particular problem.

You might also want to look at the DNS-01 method, which is not as well supported by Certbot, but doesn’t require the certificate authority to connect to your server at all. This method is well-supported by some of the alternative clients, especially those written in bash.
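As an added illustration of the two challenge types discussed above (this is example code written for this page, not code from the original post, from Certbot, or from any other ACME client), the following Python computes the values a CA expects for HTTP-01 and DNS-01 per RFC 8555, writes the HTTP-01 response into a webroot the way a webroot-style client does, and runs a local stand-in for the CA's check. It covers both RSA and EC account keys (RFC 7638 thumbprints). The account JWK and the token are constructed sample data, not a real key or a real challenge; the function names are mine.

```python
import base64
import hashlib
import json
import os
import tempfile


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JOSE and ACME (RFC 8555) require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the *required*
    public members only, in lexicographic order and with no whitespace.
    Extra members such as 'alg' or 'kid' must not influence the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """keyAuthorization = token || '.' || base64url(JWK_Thumbprint(accountKey))."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_path(webroot: str, token: str) -> str:
    """File a webroot-style client writes; the CA fetches it as
    http://<domain>/.well-known/acme-challenge/<token> over plain HTTP on port 80."""
    return os.path.join(webroot, ".well-known", "acme-challenge", token)


def place_http01_challenge(webroot: str, token: str, account_jwk: dict) -> str:
    """Write the key authorization where the port-80 web server will serve it."""
    path = http01_path(webroot, token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(key_authorization(token, account_jwk))
    return path


def check_http01_like_ca(webroot: str, token: str, account_jwk: dict) -> bool:
    """Local stand-in for the CA's validation: the body at the challenge path
    must equal the key authorization (RFC 8555 lets the CA ignore trailing
    whitespace). Reading the file replaces the CA's HTTP fetch for this demo."""
    try:
        with open(http01_path(webroot, token), encoding="ascii") as fh:
            body = fh.read()
    except OSError:
        return False
    return body.rstrip() == key_authorization(token, account_jwk)


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """Value of the TXT record at _acme-challenge.<domain>:
    base64url(SHA-256(keyAuthorization)). The CA only queries DNS for this."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


# Constructed sample data: not a real account key, not a real challenge token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-sample-modulus-not-a-real-key",
              "kid": "acct-1"}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def demo_roundtrip() -> tuple:
    """Run the HTTP-01 flow in a temporary webroot and report the CA-side
    check (before placing the file, after placing it, and for a wrong token)."""
    with tempfile.TemporaryDirectory() as root:
        before = check_http01_like_ca(root, SAMPLE_TOKEN, SAMPLE_JWK)
        place_http01_challenge(root, SAMPLE_TOKEN, SAMPLE_JWK)
        after = check_http01_like_ca(root, SAMPLE_TOKEN, SAMPLE_JWK)
        wrong = check_http01_like_ca(root, "some-other-token", SAMPLE_JWK)
    return (before, after, wrong)


if __name__ == "__main__":
    print("HTTP-01 body:", key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
    print("HTTP-01 check (missing, placed, wrong token):", demo_roundtrip())
    print("DNS-01 TXT for _acme-challenge.<domain>:", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

The point the post makes shows up in the two last functions: with HTTP-01 the CA must reach your origin on port 80 and read the file, so the port-80 listener has to exist at least for `/.well-known/acme-challenge/`; with DNS-01 only the TXT value leaves your machine, so the CA never connects to your server at all.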