HestiaCP panel: Let's encrypt finalize bad status 403

The key part of that log is the result of the challenge which is:

"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/406086082746/YOAERQ",
"status": "invalid",
"validated": "2024-09-20T12:49:52Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "130.61.123.88: Invalid response from http://bellerad.io/.well-known/acme-challenge/dvomvcg6anw04wnmsgfxgsafzwpgcfqp-27ghtfqfwa/: 404",
"status": 403
},

Note the "detail" part which shows the URL that failed. All of the characters are lower-case. That is wrong. Something on your system is redirecting requests but changing everything to lower case.

I can reproduce that failure with simple requests:

# This redirects by adding trailing slash
# Probably also creates problem but still upper case
curl -iL http://bellerad.io/.well-known/acme-challenge/Test404UPPER
HTTP/1.1 301 Moved Permanently
Server: nginx
X-Powered-By: Express
Location: /.well-known/acme-challenge/Test404UPPER/

# Following that link gets redirected again but all lower case now
HTTP/1.1 301 Moved Permanently
Server: nginx
X-Powered-By: Express
Location: /.well-known/acme-challenge/test404upper/

# And finally this.  
HTTP/1.1 404 Not Found
Server: nginx