That is the overall failure but the underlying reason is a "404" (HTTP Not Found). The Let's Encrypt Auth Server asked your server for the challenge token and you told LE you did not have it.
Did you review the related KB article? The Plesk system is likely not configured correctly to match your server. Which looks like nginx and not:
You would probably be better off asking your hosting service about this. They setup Plesk and your system and are better positioned to answer setup questions.
Believe it or not the order of the IP NATs was the issue. If the .221 NAT was ahead of the .220 NAT, in my firewall rules, it would not work. I never knew the IP order mattered.
So I have two Plesk servers...one is my production server and one is my test server. Each server has multiple websites on it. Each server has an iteration of Nginx, for reverse proxy and this is where the issue lies. When a call comes in from one public IP each Nginx iteration wants to respond. I had one of two choices...move the Nginx process upstream to my firewall, so one Nginx process would handle both servers or have a second public IP and setup NAT rules for each server to use an independent public IP. I chose the second option.
My public IPs end in .220 and .221. .221 was already being used by the production server. I then setup NAT rules to associated .220 with my test server but it would never work. In reviewing this I noticed that the NAT rules for .221 were ahead of the rules for .220. I simply reversed the order and both now work just fine.
Not sure why this is but it works and I will take it.
Is the production server also accessible via those rules?
If so, then I can't explain what the rule order has to do with the previous errror.
hmm...
Except, maybe, do you have to restart the router for those rules to take effect?
If so, then maybe the rules you were looking at were not actually the rules being used.
That is my only possible explanation.
You could prove/disprove this theory by reversing the NAT rules once again and see if the problem returns.
Yes both servers are finally accessible over their individual IPs. Its soo weird but I think you hit the nail on the head. What was in the rules was not what was running, which I find soo strange bc when I apply any changes it immediately applies the config change.
I changed the order, just to make sure there is no issue, and yes both servers can still be accessed. Chalk it up to gremlins in my firewall...that surely makes me nervous!