events {}

http {
    server {
        listen 80;
        server_name %SERVER_NAME;

        # directly answer initial certbot request
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        # forward all other HTTP-requests to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }
}