by schlarpc 3266 days ago
SNI puts the DNS names you're connecting to in plaintext at the start of every TLS connection. Running your DNS over an encrypted channel won't stop someone from knowing or blocking the sites you connect to.
1 comments
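To make the post's point concrete, here is an added example (not from the original post or its author): a minimal Python parser that pulls the hostname out of a TLS ClientHello exactly the way a passive observer or a filtering middlebox would, before any key exchange has happened. The ClientHello is built locally by a constructed helper; the hostname, the cipher suite and the padding extension are illustrative values chosen for this example.

```python
"""Read the Server Name Indication (SNI) out of a raw TLS ClientHello.

Added example, not code from the original post. build_client_hello()
is a constructed helper that produces test input; in practice you would
hand extract_sni() the first TCP payload of a captured TLS connection.
"""
import struct
from typing import Optional

SERVER_NAME_EXT = 0x0000  # RFC 6066 extension type "server_name"
HOST_NAME_TYPE = 0x00     # RFC 6066 NameType.host_name


def build_client_hello(hostname: str, include_sni: bool = True) -> bytes:
    """Constructed test input: a structurally valid TLS 1.2 ClientHello.

    One cipher suite, empty session id, an unrelated padding extension
    (so the parser has to skip something) and, optionally, server_name.
    All lengths are computed so a real TLS parser would accept the bytes.
    """
    extensions = b""
    if include_sni:
        name = hostname.encode("idna")
        entry = struct.pack("!BH", HOST_NAME_TYPE, len(name)) + name
        name_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", SERVER_NAME_EXT, len(name_list)) + name_list
    extensions += struct.pack("!HH", 21, 4) + b"\x00" * 4   # padding (type 21)

    body = (
        b"\x03\x03"                  # client_version: TLS 1.2
        + bytes(32)                  # random (zeros; constructed input)
        + b"\x00"                    # session_id length 0
        + b"\x00\x02" + b"\xc0\x2f"  # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        + b"\x01\x00"                # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Walk one TLS record; return the server_name host or None if absent.

    Returns None instead of raising for anything that is not a well-formed
    ClientHello, so it can be run over arbitrary captured TCP payloads.
    """
    if len(record) < 5 or record[0] != 0x16:           # 0x16 = handshake record
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:                   # 0x01 = client_hello
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    p = hs[4:4 + hs_len]
    if len(p) < hs_len:
        return None                                     # truncated record
    off = 2 + 32                                        # client_version + random
    if off >= len(p):
        return None
    off += 1 + p[off]                                   # session_id
    if off + 2 > len(p):
        return None
    off += 2 + struct.unpack("!H", p[off:off + 2])[0]   # cipher_suites
    if off >= len(p):
        return None
    off += 1 + p[off]                                   # compression_methods
    if off + 2 > len(p):
        return None                                     # no extensions block
    end = off + 2 + struct.unpack("!H", p[off:off + 2])[0]
    off += 2
    if end > len(p):
        return None
    while off + 4 <= end:                               # iterate extensions
        etype, elen = struct.unpack("!HH", p[off:off + 4])
        off += 4
        data = p[off:off + elen]
        off += elen
        if len(data) < elen or etype != SERVER_NAME_EXT:
            continue
        if len(data) < 2:
            return None
        q, list_end = 2, 2 + struct.unpack("!H", data[:2])[0]
        while q + 3 <= min(len(data), list_end):        # ServerNameList entries
            ntype, nlen = struct.unpack("!BH", data[q:q + 3])
            q += 3
            name = data[q:q + nlen]
            q += nlen
            if ntype == HOST_NAME_TYPE and len(name) == nlen:
                return name.decode("ascii", errors="replace")
    return None


def hostname_on_the_wire(hostname: str) -> bool:
    """True if the literal hostname bytes appear in the very first record."""
    return hostname.encode("idna") in build_client_hello(hostname)


if __name__ == "__main__":
    rec = build_client_hello("secret.example.org")
    print("SNI seen by a passive observer:", extract_sni(rec))
```

Run it and the hostname comes back from the plaintext record with no keys involved; `hostname_on_the_wire()` shows the bytes are there literally, which is why a simple substring match is enough for a blocking middlebox and why encrypting the DNS lookup alone does not hide the destination.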

Luckily, from 2018 on, SNI will be mostly unnecessary, as LE will support wildcard certificates, with DNS verification, for many domains in a single certificate.
SNI will still be necessary when you have multiple servers under one IP (until IPv4 is deprecated, this is necessary), for example on a shared host (which might even have shared IPs under IPv6).

IIRC there are some ways SNI will be encrypted with TLS 1.3, so it's not a problem to begin with.