In apache2, ModSecurity doesn't seem to be installed at all:

Luke,
Screenshots show different locations of your test files, I guess it's from the same server, and display the issue with accessing acme-challenge.
I don't know your setup, but can it be so that you access different servers from your browser with and without acme-challenge?
Is ModSecurity enabled in apache/nginx? What if you disable it?
[root@323876 ~]# find / -name mod_security
[root@323876 ~]#

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
[Sun Oct 08 09:37:00.956734 2017] [core:crit] [pid 753] (13)Permission denied: [client censored:51378] AH00529: /home/censored/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/censored/' is executable

Anything useful in Apache logs?
unable to check htaccess file, ensure it is readable and that '/home/censored/' is executable