The website really does return that page of obfuscated JavaScript. Maybe it blocks clients from the United States. Or the JavaScript tests whether a client is really a browser.
The Let’s Encrypt validator needs to get the real challenge file, not that page.
You need to figure out what’s sending that page – maybe a web application firewall – and either turn it off or exclude /.well-known/acme-challenge/ from it.