avoid unnecessary redirects for ACME challenge

nginx/nginx.conf

@@ -91,7 +91,13 @@ http {
 
         root /var/empty;
 
-        return 301 https://$host$request_uri;
+        location /.well-known/acme-challenge/ {
+            root /srv/certbot;
+        }
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
     }
 
     server {
@@ -111,10 +117,6 @@ http {
             return 301 https://grapheneos.org/articles/grapheneos-servers#matrix.grapheneos.org;
         }
 
-        location ^~ /.well-known/acme-challenge/ {
-            root /srv/certbot;
-        }
-
         location ~ ^(?:/_matrix|/_synapse/client) {
             # remove security headers that are statically set to the strictest possible values below
             proxy_hide_header Referrer-Policy;
@@ -157,10 +159,6 @@ http {
         add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Robots-Tag "none" always;
 
-        location ^~ /.well-known/acme-challenge/ {
-            root /srv/certbot;
-        }
-
         location ~ '\.(?:css|html|ico|js|json|map|svg|txt|wasm|xml)$' {
             gzip_static on;
             brotli_static on;