I can successfully route traffic from port 80 to HTTPS, and I can also get the Let's Encrypt SSL certificate successfully. But my problem starts when I want to do both.

Whenever my certs are expiring I have to adjust the config to pass the Let's Encrypt challenges. And that's no good.

Here is the config that is passing the challenges successfully

------------------------------------------------

server {
listen 80;
listen [::]:80;
server_name example.com *.example.com;

#for certbot challenges (renewal process)
location ~ /.well-known/acme-challenge {
allow all;
root /data/letsencrypt;
}

root /data/letsencrypt;
index index.html;
}
------------------------------------------------------

And here is a config that routes the traffic to HTTPS

-----------------------------------------------------

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com *.example.com;

location / {
return 301 https://$host$request_uri;
}

return 444;
}
-----------------------------------------------------


Whenever I start trying to combine them, the routing to HTTPS seems to take over and the challenges break.

It could be also useful to note that I'm using Nginx as a reverse proxy in a Docker environment, so from HTTP, I'm routing to HTTPS, and from there I'm reverse proxying for other services.