Now it works, but interestingly the plugin (not handmade) included an .htaccess file in /wp-content/cache/ with the following defined:
deny from all
I deleted that.
However, before I place into production, I need to understand why would the plugin include or generate such a restrictive rule?