Fix SSL certificate renewal for Let's Encrypt

Allow ACME challenge requests before HTTPS redirect:
- Add location block for /.well-known/acme-challenge/
- Prevent immediate redirect that was blocking Let's Encrypt verification
- Fixes 'Timeout during connect' errors during certbot renewal

config/nginx/homelab.conf

@@ -5,8 +5,15 @@ server {
     listen 80 default_server;
     server_name ak-homelab.duckdns.org _;
 
-    # Redirect HTTP to HTTPS
+    # Allow Let's Encrypt ACME challenges
-    return 301 https://$host$request_uri;
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # Redirect all other HTTP to HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
 }
 
 server {