When working with LetsEncrypt I have had a number of sites that did not want to work with the HTTP block and as a result, they would defer to the HTTPS block.
When using the HTTP block for a location, be sure to specify the IP address that NGINX should bind to. If you do not, you may find that your LetsEncrypt location is not read, resulting in a 404 error when trying to read the verification file from certbot.
Make sure the 'listen' directive includes both the IP address and the port number.
This is an example of a working, configured server block with its location blocks. It redirects all traffic to my encrypted site except for the robots.txt file and the Certbot folders. This way you can verify the domain for LetsEncrypt no matter what you have in your HTTPS block.
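server {
    # Bind to the explicit IP address and port, not just the port.
    listen 172.22.1.3:80;
    server_name mysite.lcco.co.lucas.oh.us www.mysite.oh.us;
    root /var/www/mysite;

    # Everything else is redirected to the HTTPS site.
    location / {
        return 301 https://$host$request_uri;
    }

    # Exact match, so only /robots.txt itself is served over HTTP.
    location = /robots.txt {
        access_log off;
        try_files $uri =404;
    }

    # Certbot verification files are served over plain HTTP, with no redirect.
    location /.well-known/acme-challenge {
        root /var/www/mysite;
        access_log off;
        allow all;
        try_files $uri =404;
    }
}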
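
NGINX matches a request's IP address and port against the 'listen' directives before it looks at server_name, so a block with a bare `listen 80;` is skipped for an address that another block binds explicitly. The following check is an added example, not part of the original post; it scans a configuration for that mix on port 80, and the sample configuration and its server names are constructed for illustration.

```python
import re
import sys

# Constructed sample standing in for `nginx -T` output; server names are made up.
SAMPLE = """\
server {
    listen 172.22.1.3:80;      # address-specific, as in the article
    server_name other.example;
}
server {
    listen 80;                 # wildcard: skipped for requests to 172.22.1.3
    server_name mysite.example;
    location /.well-known/acme-challenge { root /var/www/mysite; }
}
"""

WILDCARDS = {"*", "0.0.0.0", "[::]"}
LISTEN_RE = re.compile(r"(?:^|[;{])\s*listen\s+([^;\s]+)", re.MULTILINE)


def parse_listen(value):
    """Split a listen value into (address, port); address None means wildcard."""
    if value.isdigit():                          # "80"
        return None, int(value)
    if value.endswith("]") or ":" not in value:  # "[::1]" or "192.0.2.1"
        addr, port = value, 80                   # nginx defaults to port 80
    else:                                        # "172.22.1.3:80", "[::]:80"
        addr, _, port = value.rpartition(":")
    return (None if addr in WILDCARDS else addr), int(port)


def shadowed_listens(config, port=80):
    """Return (specific, wildcard) listen values when both exist on `port`."""
    specific, wildcard = [], []
    for value in LISTEN_RE.findall(re.sub(r"#.*", "", config)):  # strip comments
        if value.startswith("unix:"):            # UNIX sockets have no port
            continue
        addr, found_port = parse_listen(value)
        if found_port == port:
            (specific if addr else wildcard).append(value)
    return (specific, wildcard) if specific and wildcard else ([], [])


if __name__ == "__main__":
    config = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    specific, wildcard = shadowed_listens(config)
    for value in wildcard:
        print(f"listen {value}: not used for requests to {', '.join(specific)}")
```

Pipe the output of `nginx -T` into the script to check the running configuration instead of the sample.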