Hi @zeesteve1
that's expected. Certbot may add a temporary redirect and / or a temporary location. If your system blocks these directories, you will get a 403. The "original" /.well-known/ in your file system may not exist.
Run your command with -vvv and share the result.
PS: Ah, @Osiris has already shared such a log.