This account thumbprint appears to belong to [one of] OVH's ACME accounts.
In the past they were intercepting these requests to generate their own certificates for their load balancer service:
And from what I can tell, they are still doing that. The tell-tale sign is that your Server: nginx/1.14.2
header does not appear in the server response for responses under /.well-known/acme-challenge/
, which means the request does not arrive to your server.
The only suggestion I can make is the same one pfg did in the above post, and that's to use a DNS-01 ACME client. (Or just use the SSL feature included with the OVH load balancer).