Let's Encrypt trouble (with serving assets from a hidden directory)

I am trying to get Let’s Encrypt working on a Debian Stretch machine running Elixir 1.9.4. I installed Certbot and ran

sudo certbot certonly --webroot --webroot-path /path_to_my_project/priv/static

which failed, as an invalid response was received:

" […] Phoenix.Router.NoRouteError at GET /.well-known/acme-challen"

Judging by information provided by this helpful guide, the problem is due to the non-serving of static assets from this hidden directory:

/priv/static/.well-known/acme-challenge

When I place, for example, a png inside /acme-challenge, the png is inaccessible from my browser. If I then rename /.well-known to /well-known, I am able to access it. As far as my Endpoint configuration is concerned, I am not setting either :only or :only_matching under Plug.Static, but even when I tried an :only word list that included “.well-known”, it did not work.

Any ideas as to what I should be trying next?

You can detach the Let's Encrypt certificate renewal process from your code.
Try to use Let's Encrypt outside Elixir, maybe with DNS authorization.
In our case we have 25+ certificates with an umbrella app and use NGINX as a reverse proxy.
Our certificate renewal is done by a script with DNS authorization (Google DNS).


Thanks for your informative response, Pedro. DNS authorization would be my preferred option as well, but is not possible at the present moment.

For anyone who runs into a similar problem in the future:

Testing whether or not assets are served from the hidden /.well-known/acme-challenge directory did not help in my case. In fact, it misled me into thinking that the issue might be Phoenix-related. My problem had to do with the port setting and was resolved by adding --http-01-port [myPort] to the certbot command.
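
Following up on the port issue in the last post, here is an added example (not part of the original thread and not code from any poster): a pre-flight check that writes a probe file into the webroot's challenge directory and fetches it through a given base URL, so the path can be tested on the address and port where the validator's request will actually arrive rather than on the app's own port. The function name, result strings and probe format are assumptions made for this example.

```python
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

# Path an ACME HTTP-01 validator requests (over plain HTTP, port 80 on the public side).
CHALLENGE_DIR = ".well-known/acme-challenge"


def check_challenge_path(webroot, base_url, timeout=5):
    """Write a probe file under webroot and fetch it through base_url.

    Returns one of:
      "ok"          - the probe came back byte-for-byte
      "not_served"  - the server answered with an HTTP error (e.g. 404)
      "mismatch"    - something answered, but with different content
      "unreachable" - no HTTP response at all (wrong port, firewall, DNS)
    """
    # Constructed probe values; these are not real ACME tokens.
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)

    target_dir = Path(webroot) / CHALLENGE_DIR
    target_dir.mkdir(parents=True, exist_ok=True)
    probe = target_dir / token
    probe.write_text(body)

    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        # Reached a server, but it does not serve this webroot at this path.
        return "not_served"
    except (urllib.error.URLError, OSError):
        # Nothing listening or not routable on this host/port.
        return "unreachable"
    finally:
        probe.unlink()  # always remove the probe file
    return "ok" if served == body else "mismatch"


if __name__ == "__main__":
    # Usage: python3 check.py /path/to/webroot http://example.test:PORT
    print(check_challenge_path(sys.argv[1], sys.argv[2]))
```

A result of "ok" on the app's own port combined with "unreachable" or "not_served" on the public port 80 URL points at port forwarding or proxy configuration rather than static file serving.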
