To elaborate a bit on @schoen’s comments, you can set this up many ways, but I would recommend the following to have minimal impact on the rest of your setup. Add the following to your nginx config:
location /.well-known/acme-challenge {
root /src/examplestore/www/public/.well-known/acme-challenge;
}
This will leave everything else the same, except that now any requests to http(s)://whatever.example.com/.well-known/acme-challenge will pull files from /src/examplestore/www/public/.well-known/acme-challenge. You would then set /src/examplestore/www/public as your webroot for certbot and it will place the challenges in the proper directory. (Create these first so nginx doesn’t get mad.)