No Nginx errors (nginx -t shows OK), no external firewalls enabled (Cloudflare or anything else).
I’ve noticed that the .well-known wasn’t there in my site’s webroot so I created it from scratch setting web domain user’s ownership, but still having this error…
BTW I’m using the latest HestiaCP release: 1.6.7 , my site is password protected with httpauth feature and I use a custom template copied from /usr/local/hestia/data/templates/web/nginx/php-fpm/wordpress.tpl and stpl.
I found the culprit… damn it…it was the custom template… as soon as I’ve setup the default wordpress template, voilà!! no more validation status 400 errors…
Quite weird as I made a straight copy from the default wordpress template and didn’t add any custom code… (?!)