Oh, I didn't notice the bottom part!
location /.well-known/acme-challenge/ {
root /var/www/public/letsencrypt/;
This could cause trouble because Certbot expects to create .well-known/acme-challenge itself within the directory you specify. Maybe that's what you were asking about before.
You might want to look at
for the distinction between root and alias in nginx (although that particular person is using a different client application which may have a slightly different concept of webroot). You might need alias rather than root in your configuration here.