redteaminfra / redteam-infra


Enhance NGINX config to enable easier certbot renewal #80

Open willk opened 10 months ago

willk commented 10 months ago

Issues were found with certbot renewal of LE certificates due to force 404 redirection. A better way to ensure we don't have to edit NGINX configuration just to update certificates needs to be found.

Interesting idea that may be expanded on:

/etc/nginx/letsencrypt.conf:

    location /.well-known/acme-challenge {
        default_type "text/plain";
        try_files    $uri $uri/ =404;
        root /tmp/letsencrypt-auto;
    }

/etc/nginx/sites-enabled/default:

    server {
        [...]

        include letsencrypt.conf;

        [...]
    }

Reload nginx. Invoke certbot for the new domain once with:

    certbot certonly --webroot -w /tmp/letsencrypt-auto/ [--must-staple] -d example.com

Found: https://news.ycombinator.com/item?id=32572153#32579296. Could we use the $host variable to make the root configuration unique for each domain?
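One way to combine the ACME location with the redirector's hard 404 and a per-domain webroot, as an added example that is neither the commenter's nor the redteam-infra project's own configuration. Hostnames and webroot paths are placeholders; instead of putting $host straight into `root`, an explicit `map` with a `default` entry means only listed hostnames resolve to a real directory.

```nginx
# Added example, not from redteam-infra: serve ACME HTTP-01 challenges for
# known domains while every other request still gets the hard 404.

# Map the normalized Host header to a per-domain webroot. Unlisted hosts
# fall through to a fixed placeholder directory that never holds challenges.
map $host $acme_root {
    default                 /var/www/acme/_unknown;     # placeholder path
    example.com             /var/www/acme/example.com;  # placeholder host/path
    www.example.com         /var/www/acme/example.com;
}

server {
    listen 80;
    server_name example.com www.example.com;

    # certbot writes tokens to <webroot>/.well-known/acme-challenge/, so the
    # renewal command for each domain stays:
    #   certbot certonly --webroot -w /var/www/acme/example.com -d example.com
    # and later "certbot renew" reuses the stored webroot without config edits.
    # "^~" stops any regex location from taking over this prefix.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root $acme_root;
        try_files $uri =404;
    }

    # Everything else keeps the existing behaviour: a hard 404.
    location / {
        return 404;
    }
}
```

After `nginx -t` and a reload, renewal only needs the challenge directories to exist and be readable by the nginx worker user; the server block itself never changes when certificates are rotated.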