Summary of below is ultimately a response of HTTP/1.1 200 OK is being return when there is no file;
that is an issue. Also HTTP is on Apache and is redirected to HTTPS on Nginx; does your ACME client handle putting the < TOKEN > where Nginx will server it?
Here is what I see presently https://letsdebug.net/auth-test.phs.org/1955124?debug=y
Using nmap to show Ports 80 &443 are Open and that
DNS has 2 IPv4 Addresses 13.248.244.122 and 76.223.106.8
$ nmap -Pn -p80,443 auth-test.phs.org
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-14 21:39 UTC
Nmap scan report for auth-test.phs.org (13.248.244.122)
Host is up (0.0091s latency).
Other addresses for auth-test.phs.org (not scanned): 76.223.106.8
rDNS record for 13.248.244.122: a556120ce37110a35.awsglobalaccelerator.com
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Trying the HTTP-01 challenge with a random token of iqu7zRtwmVzJrKKJ8KV4yKT5gHRid5Jc4Yew3f7L
Expecting a 301 HTTP Response code, but got HTTP/1.1 302 Found; but probably not a big deal as the redirect seems to happen.
$ curl -i http://auth-test.phs.org/.well-known/acme-challenge/iqu7zRtwmVzJrKKJ8KV4yKT5gHRid5Jc4Yew3f7L
HTTP/1.1 302 Found
Date: Tue, 14 May 2024 21:36:20 GMT
Server: Apache
Location: https://auth-test.phs.org//.well-known/acme-challenge/iqu7zRtwmVzJrKKJ8KV4yKT5gHRid5Jc4Yew3f7L
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://auth-test.phs.org//.well-known/acme-challenge/iqu7zRtwmVzJrKKJ8KV4yKT5gHRid5Jc4Yew3f7L">here</a>.</p>
</body></html>
HTTP being redirect to HTTPS with double slash after the .org in the URL
Expecting a 404 HTTP Response code, but got HTTP/1.1 200 OK
$ curl -i https://auth-test.phs.org//.well-known/acme-challenge/iqu7zRtwmVzJrKKJ8KV4yKT5gHRid5Jc4Yew3f7L
HTTP/1.1 200 OK
Date: Tue, 14 May 2024 21:42:20 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 0
x-okta-request-id: ZkPavNqFUvYeZoyBl8vK2QAADQw
x-xss-protection: 0
p3p: CP="HONK"
content-security-policy: frame-ancestors 'self'
x-rate-limit-limit: 100
x-rate-limit-remaining: 99
x-rate-limit-reset: 1715723000
cache-control: no-cache, no-store
pragma: no-cache
expires: 0
referrer-policy: strict-origin-when-cross-origin
accept-ch: Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
Strict-Transport-Security: max-age=315360000; includeSubDomains
X-Robots-Tag: noindex,nofollow
set-cookie: sid="";Version=1;Path=/;Max-Age=0
set-cookie: autolaunch_triggered=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
set-cookie: JSESSIONID=8EE32FC958F8859CC14343C880E7B65B; Path=/; Secure; HttpOnly
HTTP being redirect to HTTPS with double slash REMOVED after the .org in the URL
Same as previous expecting a 404 HTTP Response code, but got HTTP/1.1 200 OK
$ curl -i https://auth-test.phs.org/.well-known/acme-challenge/iqu7zRtwmVzJrKKJ8KV4yKT5gHRid5Jc4Yew3f7L
HTTP/1.1 200 OK
Date: Tue, 14 May 2024 21:43:43 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 0
x-okta-request-id: ZkPbD-um-bbjHqdLw687cwAAB_A
x-xss-protection: 0
p3p: CP="HONK"
content-security-policy: frame-ancestors 'self'
x-rate-limit-limit: 100
x-rate-limit-remaining: 99
x-rate-limit-reset: 1715723083
cache-control: no-cache, no-store
pragma: no-cache
expires: 0
referrer-policy: strict-origin-when-cross-origin
accept-ch: Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
Strict-Transport-Security: max-age=315360000; includeSubDomains
X-Robots-Tag: noindex,nofollow
set-cookie: sid="";Version=1;Path=/;Max-Age=0
set-cookie: autolaunch_triggered=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
set-cookie: JSESSIONID=D07EE3B0F1CE2D8B566DDB97D371A5AA; Path=/; Secure; HttpOnly
Edit
Also this is the double slash
and
Edit:
Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt
Seems like you may have some geo blocking happening Website Uptime and Availability of auth-test.phs.org at 14 May 2024 03:23:30 PM : Site24x7 Tools
Please read these: