Creating certificates with --nginx works. Renew or certonly doesn't

I can produce the `nginx -T` output, but it will unnecessarily expose my security configuration unless I edit a lot.

Basically, the gist of what is going on is:

Server blocks are all in one file in sites-enabled, something like:
```nginx
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .one;
    root /var/www/one;
    include global/one-type.conf;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .two;
    root /var/www/two;
    include global/another-type.conf;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .one;
    root /var/www/three;
    include global/one-type.conf;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .four;
    root /var/www/four;
    include global/one-type.conf;
}
```

The included file will have one of 2-3 variations of:

```
ssl_certificate /etc/letsencrypt/live/vidyut.net-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vidyut.net-0001/privkey.pem;
ssl_more-stuff* __ciphers, dhparam, stapling, whatever;
[add_header stuff]
[cache setup stuff]
location / {
    try_files $uri $uri/ /index.php?$args;
}
location ~ /.well-known {
    allow all;
}

[more locations for php, caching, etc]

[includes fastcgi_params]
```

**This is very convenient for updating configurations for servers: best practices, updating the SSL config for security, etc. Edit one or two files and done, instead of updating each server block, and waaaay fewer lines of code to wade through. But obviously it isn't more convenient than `certbot renew` vs what I went through :disappointed_relieved:**

So what are the parts I must bring back to the main config file so that letsencrypt can find them? Or does it want me to have separate config files per server?
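The question above is really "what does a tool that walks my nginx config actually see when the `ssl_certificate` lines live in an included file?" The script below is an added example, not code from the post and not certbot's parser (it makes no claim about what certbot does internally); it is a small include-following walk you can run locally instead of posting `nginx -T`, so the header and cipher config never leaves the box. It builds a constructed fixture in a temp directory that mirrors the posted layout (one `sites-enabled` file, `ssl_*` in `global/*.conf`, the post's placeholder names `.one`/`.two` and the `vidyut.net-0001` paths); `global/another-type.conf` without any `ssl_*` directive is a hypothetical variant added to show what a block with no reachable certificate looks like. For every `server` block it reports the `listen` and `server_name` values, which file supplied `ssl_certificate` and `ssl_certificate_key`, and then audits two things that matter when a tool has to pick a block by name: a `server_name` claimed by more than one block (the posted sketch lists `.one` twice) and an `ssl` listener that reaches no certificate at all.

```python
import glob, os, re, tempfile

# Constructed fixture modelled on the post's layout (not real server files):
# all server blocks in one sites-enabled file, ssl_* directives in included files.
FIXTURE_FILES = {
    "sites-enabled/all-sites": """
server {
    listen 443 ssl http2;
    server_name .one;
    include global/one-type.conf;
}
server {
    listen 443 ssl http2;
    server_name .two;
    include global/another-type.conf;
}
server {
    listen 443 ssl http2;
    server_name .one;   # same name as the first block, as in the posted sketch
    include global/one-type.conf;
}
""",
    "global/one-type.conf": """
ssl_certificate /etc/letsencrypt/live/vidyut.net-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vidyut.net-0001/privkey.pem;
""",
    # hypothetical variant that carries no ssl_* directive at all
    "global/another-type.conf": "location / { try_files $uri $uri/ =404; }\n",
}

def write_fixture():
    """Write the constructed tree to a temp dir and return its root."""
    root = tempfile.mkdtemp(prefix="nginx-fixture-")
    for rel, body in FIXTURE_FILES.items():
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root

_TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(text):
    """Minimal nginx parser -> [(directive, args, children|None)]; comments dropped."""
    tokens = _TOKEN.findall(re.sub(r"#[^\n]*", "", text))
    pos = 0
    def block():
        nonlocal pos
        items = []
        while pos < len(tokens) and tokens[pos] != "}":
            words = []
            while pos < len(tokens) and tokens[pos] not in ("{", ";"):
                words.append(tokens[pos].strip("'\""))
                pos += 1
            if pos >= len(tokens):
                break
            if tokens[pos] == ";":
                pos += 1
                items.append((words[0], words[1:], None))
            else:
                pos += 1                      # consume "{"
                children = block()
                pos += 1                      # consume the matching "}"
                items.append((words[0], words[1:], children))
        return items
    return block()

def _collect(items, root, src, found):
    """Walk a server block, following include (relative to the conf root, as nginx does)."""
    for name, args, children in items:
        if name == "include":
            # os.path.join keeps an absolute include path unchanged
            for path in sorted(glob.glob(os.path.join(root, args[0]))):
                with open(path) as fh:
                    _collect(parse(fh.read()), root, path, found)
        elif name == "listen":
            found["listen"].append(" ".join(args))
        elif name == "server_name":
            found["server_name"].extend(args)
        elif name in ("ssl_certificate", "ssl_certificate_key"):
            found[name] = (args[0], os.path.relpath(src, root))   # value, source file

def server_blocks(root, main="sites-enabled/all-sites"):
    """One dict per top-level server block in `main`, includes followed."""
    path = os.path.join(root, main)
    with open(path) as fh:
        items = parse(fh.read())
    servers = []
    for name, args, children in items:
        if name == "server":
            found = {"listen": [], "server_name": []}
            _collect(children, root, path, found)
            servers.append(found)
    return servers

def audit(servers):
    """Return (names claimed by several blocks -> indexes, blocks with ssl listen but no cert)."""
    claimed = {}
    for i, s in enumerate(servers):
        for n in s["server_name"]:
            claimed.setdefault(n, []).append(i)
    dupes = {n: idx for n, idx in claimed.items() if len(idx) > 1}
    no_cert = [i for i, s in enumerate(servers)
               if any(" ssl" in l for l in s["listen"]) and "ssl_certificate" not in s]
    return dupes, no_cert
```

To run it against a real tree, call `server_blocks("/etc/nginx", "sites-enabled/<your file>")` instead of `write_fixture()`; include arguments are resolved against that root the way nginx resolves relative includes against its conf directory. On the fixture, blocks 0 and 2 both report their `ssl_certificate` as coming from `global/one-type.conf`, block 1 has an `ssl` listener with no certificate reachable, and `.one` is flagged as claimed by two blocks. Whether the doubled `.one` in the sketch is a typo or real, it is worth resolving before blaming the include layout, since any name-based lookup has to choose between those two blocks.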