I’m guessing that there could be a firewall (either on the server or on the network level) blocking inbound connections on port 443. This is the most likely problem in this situation (since the TCP connection on port 443 can’t be established at all).
On the server you could also run ss -tlp to confirm that nginx itself is listening on port 443 (https). If it is, the firewall hypothesis is more likely to be right.
One idea is to check from further and further away, for example if you can test from another machine on the same LAN (curl -v https://gestaourbana.prefeitura.sp.gov.br/). This might reveal whether the problem is an iptables rule or a router or firewall elsewhere on the network.
You could also post your complete iptables output here so that we could see if there's any apparent problem with the iptables rules (assuming that they don't contain any confidential information).
prefeitura.sp.gov.br
Por curiosidade, porque a cidade de São Paulo não precisava usar prefeitura.saopaulo.sp.gov.br como seria o caso para outros municípios? É por ser a capital do estado homônimo, ou apenas por ser muito grande e conhecida?