diff --git a/nginx.tmpl b/nginx.tmpl
index 2b73158..b50997c 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -762,6 +762,16 @@ server {
         {{- if $globals.enable_ipv6 }}
     listen [::]:{{ $globals.external_http_port }} {{ $default_server }};
         {{- end }}
+
+        {{- if (eq $vhost.https_method "noredirect") }}
+    location /.well-known/acme-challenge/ {
+        auth_basic off;
+        allow all;
+        root /usr/share/nginx/html;
+        try_files $uri =404;
+        break;
+    }
+        {{- end }}
     {{- end }}
     {{- if ne $vhost.https_method "nohttps" }}
     listen {{ $globals.external_https_port }} ssl {{ $default_server }};
@@ -856,4 +866,4 @@ server {
     }
     {{- end }}
 }
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/test/test_ssl/test_noredirect.py b/test/test_ssl/test_noredirect.py
index 0f50063..1d956d1 100644
--- a/test/test_ssl/test_noredirect.py
+++ b/test/test_ssl/test_noredirect.py
@@ -19,9 +19,9 @@ def test_web2_HSTS_policy_is_inactive(docker_compose, nginxproxy):
     assert "Strict-Transport-Security" not in r.headers
 
 
-def test_web3_acme_challenge_does_not_work(docker_compose, nginxproxy, acme_challenge_path):
+def test_web3_acme_challenge_does_work(docker_compose, nginxproxy, acme_challenge_path):
     r = nginxproxy.get(
         f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
         allow_redirects=False
     )
-    assert r.status_code == 404
+    assert r.status_code == 200