Figured out my problem:
In /usr/local/apache/domlogs/example.com.error.log there were lines that said:
[Mon May 22 17:42:53.522519 2023] [:error] [pid 886:tid 140380883953###] [client IP:15555] [client IP] ModSecurity: Access denied with code 403 (phase 2). Match of "endsWith /modules/paypal/express_checkout/payment.php" against "REQUEST_FILENAME" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "29"] [id "211120"] [rev "12"] [msg "COMODO WAF: Remote File Inclusion Attack||example.com|F|2"] [data "Matched Data: https? found within REQUEST_FILENAME: /path/to/file.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "example.com"] [uri "/path/to/file.php"] [unique_id "ZGvh3ZWCyBfOi8SV7cODxwAAAAI"], referer: https://example.com/path/to/file.php
In /usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf I commented out the matching line