The technique described in this blog post under the heading "I want HTTPS redirection!" is done in the dynamic configuration, whereas there's also the following approach via static/startup configuration:
Is one approach "better" than the other?
Also, does the Let's Encrypt ACME challenge require HTTP, or can it be done over HTTPS? If the former and
http --> https redirection is in place, how can it succeed? And if the latter, and redirection is in place, how does LE access a secure URL that has no cert in order to generate the initial cert?