# handle .well-known and HTTPS redirect for all domains
server {
	listen 80 default_server;
	listen [::]:80 default_server;
	location /.well-known/acme-challenge/ {
		alias /srv/http/.well-known/acme-challenge/;
	}
	location / {
		return 301 https://$host$request_uri;
	}
}