Traefik trying to update certificates from Let's Encrypt fails with error 403

We have traefik (v2.9.9) running in a Docker container with a number of services using Let's Encrypt to request certificates and traefik's basicAuth middleware to secure access to these services.

When traefik tries to update the certs, error 403 appears. Our traefik configuration: traefik.yml

# Info from
# https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"

  webservice:
    address: ":8080"

api:
  dashboard: true

# https://doc.traefik.io/traefik/https/acme/
certificatesResolvers:
  lets-encrypt:
    # Enable ACME (Let's Encrypt): automatic SSL
    acme:
      # Email address used for registration.
      #
      # Required
      #
      email: "<valid email adress>"
      
      # File or key used for certificates storage.
      #
      # Required
      #
      storage: "acme.json"

      # tlsChallenge:
      httpChallenge:
        # Entry point used during the challenge; maybe webservice belongs here instead, but I'm not sure.
        entryPoint: web

providers:
  docker:
    watch: true
    network: "web"

  file:
    filename: "traefik_dynamic.yml"
  
log:
  filePath: "/var/log/traefik.log"
  level: DEBUG
  format: json

accessLog:
  filePath: "/var/log/access.log"
  # Configuring a buffer of 100 lines
  bufferingSize: 100
  format: json
  fields:
    defaultMode: keep

traefik_dynamic.yml:

# Info from
# https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04
http:
  middlewares:
    simpleAuth:
      basicAuth:
        users:
         - <USER1>
         - <USER2>

  routers:
    api:
      rule: "Host(`traefik.our.Domain`)"
      entrypoints:
        - "websecure"
      middlewares:
        - "simpleAuth"
      service: "api@internal"
      tls:
        certResolver: "lets-encrypt"

Excerpt from docker-compose.yml:

version: "3"
services:
  traefik:
    image: traefik:latest
    command:
      - "--acme.acmelogging=true"
      - "--accessLog"
    environment:
      - TZ=Europe/Berlin
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $PWD/traefik/traefik.yml:/traefik.yml:ro
      - $PWD/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro
      - /opt/traefik/acme.json:/acme.json:rw
      - /opt/traefik/logs:/var/log:rw
    networks:
      - web

...  

  phpmyadmin:
    image: phpmyadmin:5
    restart: unless-stopped
    depends_on:
      - database
    labels:
      - traefik.http.routers.phpmyadmin.rule=Host(`phpmyadmin.our.Domain`)
      - traefik.http.routers.phpmyadmin.tls=true
      - traefik.http.routers.phpmyadmin.tls.certresolver=lets-encrypt
      - traefik.http.routers.phpmyadmin.middlewares=simpleAuth@file
      # traefik.port is a Traefik v1 label; v2 reads the service port from this label instead
      - traefik.http.services.phpmyadmin.loadbalancer.server.port=80
    environment:
      - PMA_ARBITRARY=1
      - PMA_ABSOLUTE_URI=https://phpmyadmin.our.Domain
      - PMA_HOST=database
    networks:
      - internal
      - web

The problem seems to be the basicAuth login for our services. I need a rule or exception for the Let's Encrypt path (https://phpmyadmin.our.Domain/.well-known/acme-challenge/) or some other way to renew the certificates.
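One check worth running before changing the auth setup, added here as an example that is not part of the original question or of Traefik's code: read the JSON access log this configuration already writes (`format: json`, `defaultMode: keep`) and see which router answered the challenge requests and with which status. It assumes Traefik's JSON access-log field names (`RequestPath`, `RouterName`, `entryPointName`, `DownstreamStatus`) and Traefik v2's built-in challenge router name `acme-http@internal`; the log lines below are constructed sample data.

```python
import json
from collections import Counter

ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample lines in Traefik's JSON access-log shape (not real log data).
SAMPLE_LOG = """\
{"ClientAddr":"203.0.113.10:43210","DownstreamStatus":200,"RequestHost":"phpmyadmin.our.Domain","RequestMethod":"GET","RequestPath":"/.well-known/acme-challenge/tokenAAAA","RouterName":"acme-http@internal","entryPointName":"web"}
{"ClientAddr":"203.0.113.11:43211","DownstreamStatus":403,"RequestHost":"phpmyadmin.our.Domain","RequestMethod":"GET","RequestPath":"/.well-known/acme-challenge/tokenBBBB","RouterName":"phpmyadmin@docker","entryPointName":"websecure"}
{"ClientAddr":"198.51.100.7:51000","DownstreamStatus":401,"RequestHost":"phpmyadmin.our.Domain","RequestMethod":"GET","RequestPath":"/index.php","RouterName":"phpmyadmin@docker","entryPointName":"websecure"}
not a json line
"""

def parse_access_log(text):
    """Yield one dict per JSON line; blank and non-JSON lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue

def acme_summary(text):
    """Count challenge requests by (entrypoint, router, downstream status).

    Traefik serves HTTP-01 challenges itself through the acme-http@internal
    router, which takes precedence over user routers and their middlewares;
    a challenge logged on an application router never reached that responder."""
    counts = Counter()
    for rec in parse_access_log(text):
        if not str(rec.get("RequestPath", "")).startswith(ACME_PREFIX):
            continue
        key = (rec.get("entryPointName", "?"), rec.get("RouterName", "?"),
               int(rec.get("DownstreamStatus", 0)))
        counts[key] += 1
    return counts

def misrouted_challenges(text):
    """Keys whose challenge did not get a 200 from the internal ACME router."""
    return sorted(k for k in acme_summary(text)
                  if k[1] != "acme-http@internal" or k[2] != 200)

if __name__ == "__main__":
    for (ep, router, status), n in sorted(acme_summary(SAMPLE_LOG).items()):
        print(f"{n:4d} entrypoint={ep:<10} router={router:<22} status={status}")
```

Run it against /opt/traefik/logs/access.log on the host; if no challenge request is logged at all, the 403 seen by Let's Encrypt is being produced before the request reaches Traefik.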
