When having expressions like this:
location ~ ^/(?:\.|include) {
deny all;
}
All requests which start with a dot (.) or include get denied. As such the required .well-known folder used for the acme challenge by Let’s Encrypt gets denied too and Plesk is unable to renew certificates.
To solve it, it is possible to add (?!well-known) to every regex which is in conflict. However, it is easier to simply define a new location block on the very top of the configuration:
location ^~ /.well-known/acme-challenge/ {
default_type “text/plain”;
}