Serve /.well-known/acme-challenge/ for http-01 challenge.

Issue csmith/docker-automatic-nginx-letsencrypt#3

extra/default-server.conf

@@ -0,0 +1,24 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    server_name _;
+
+    # From: https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622
+    location ^~ /.well-known/acme-challenge/ {
+        default_type "text/plain";
+        alias /letsencrypt/well-known/;
+    }
+
+    # Hide /acme-challenge subdirectory and return 404 on all requests.
+    # It is somewhat more secure than letting Nginx return 403.
+    # Ending slash is important!
+    location = /.well-known/acme-challenge/ {
+        return 404;
+    }
+
+    # Redirects all default HTTP traffic to HTTPS.
+    location / {
+      return 301 https://$host$request_uri;
+    }
+}

extra/redirect-http.conf

@@ -1,13 +0,0 @@
-# Redirects all default HTTP traffic to HTTPS.
-
-server {
-
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    server_name _;
-
-    return 301 https://$host$request_uri;
-
-}
-