Fix SSL certificate renewal for Let's Encrypt

Allow ACME challenge requests before HTTPS redirect:
- Add location block for /.well-known/acme-challenge/
- Prevent immediate redirect that was blocking Let's Encrypt verification
- Fixes 'Timeout during connect' errors during certbot renewal

config/nginx/homelab.conf

@@ -5,9 +5,16 @@ server {
     listen 80 default_server;
     server_name ak-homelab.duckdns.org _;
 
-    # Redirect HTTP to HTTPS
+    # Allow Let's Encrypt ACME challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # Redirect all other HTTP to HTTPS
+    location / {
         return 301 https://$host$request_uri;
     }
+}
 
 server {
     listen 443 ssl default_server;