Are you able to disable this security feature for specific paths? If so you should make an exception for
/.well-known/. This path is used for more than just ACME HTTP-01 (in
/.well-known/acme-challenges) and is actually inherited from a broader web standard, RFC 5785. It’s likely as more technologies build on top of RFC 5785 you’re going to have more and more trouble caused by this security feature.
In addition to @osiris’ suggestion (thanks!) to switch to DNS based verification with the ACME DNS-01 challenge type you could also switch to TLS based verification with the ACME TLS-SNI-01 challenge type. That won’t require accessing a file in a
If you share which ACME client (Certbot?) you’re using, and more information about the current way you use it, someone can likely suggest steps to switch to DNS-01 or TLS-SNI-01.
Hope that helps!