I had the same problem with a nginx proxy instance. What I did was avoided 301 redirecting the /.well-known directory by having a separate location block
location /.well-known {
alias /var/www/letsencrypt/.well-known; # have this as the webroot
}
location / {
return 301 https://$server_name$request_uri;
}