Unable to renew cert using nginx plugin, fresh cert creation succeeds

For further certainty, I also disabled PHP from the main server block, to ensure Wordpress could not apply any https rewriting. I verified that curl -v http://friendsofvalledeoro.org retrieved a static page with no redirection headers or meta refresh redirects. The dry-run against the root still fails, but now the error message lists http:// on the challenge URL rather than https://

By the way, thank you for stepping through this with me!

# certbot renew --dry-run --cert-name friendsofvalledeoro.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/friendsofvalledeoro.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for friendsofvalledeoro.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (friendsofvalledeoro.org) from /etc/letsencrypt/renewal/friendsofvalledeoro.org.conf produced an unexpected error: Failed authorization procedure. friendsofvalledeoro.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://friendsofvalledeoro.org/.well-known/acme-challenge/9a-yWnyNmiegLF-T3UaJ8wiNIVpsZ0EjsovC10u3UTE [138.197.233.49]: "<?php\n/**\n * Front to the WordPress application. This file doesn't do anything, but loads\n * wp-blog-header.php which does and t". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/friendsofvalledeoro.org/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/friendsofvalledeoro.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: friendsofvalledeoro.org
   Type:   unauthorized
   Detail: Invalid response from
   http://friendsofvalledeoro.org/.well-known/acme-challenge/9a-yWnyNmiegLF-T3UaJ8wiNIVpsZ0EjsovC10u3UTE
   [138.197.233.49]: "<?php\n/**\n * Front to the WordPress
   application. This file doesn't do anything, but loads\n *
   wp-blog-header.php which does and t"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

curl http verification output:

$ curl -v http://friendsofvalledeoro.org
* Rebuilt URL to: http://friendsofvalledeoro.org/
*   Trying 138.197.233.49...
* TCP_NODELAY set
* Connected to friendsofvalledeoro.org (138.197.233.49) port 80 (#0)
> GET / HTTP/1.1
> Host: friendsofvalledeoro.org
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Wed, 25 Sep 2019 23:26:53 GMT
< Content-Type: application/octet-stream
< Content-Length: 420
< Last-Modified: Wed, 15 May 2019 22:02:29 GMT
< Connection: keep-alive
< ETag: "5cdc8c75-1a4"
< X-XSS-Protection: 1; mode=block
< Accept-Ranges:  none
<
<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );
* Connection #0 to host friendsofvalledeoro.org left intact