This (from the other thread) confirms my suspicions that MiaB is letting ACME use the HTTP challenge method, not the DNS challenge method. That confirms my initial diagnosis that the redirecting he’s doing on box.gideon-it.com is causing ACME to effectively look for the challenge file on the wrong server, i.e. not box.gideon-it.com.