server { # Listen on plain old HTTP listen 80; # Pass this particular URL off to certbot, to authenticate HTTPS certificates location '/.well-known/acme-challenge' { default_type "text/plain"; proxy_pass http://localhost:80; } # Everything else gets shunted over to HTTPS location / { return 301 https://$http_host$request_uri; } }