======================
Type: unauthorized
Detail: Invalid response from
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
You should make sure requests for the path /.well-known/acme-challenge/ aren't processed through your reverse proxy.
That's because the HSTS header is only processed when it is received through HTTPS. But if you have a flaky HTTPS setup, some users might receive the HSTS header through HTTPS, enabeling it, after which perhaps your HTTPS setup, because not very stable for some reason, is disabled. Result: users with an enabled HSTS can't reach your site any longer.
Tested it how? We can only work with the information you're giving us. In this case, more is better..