location ~ ^/.well-known/acme-challenge
{
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
}