Ah, great! So that was it. That code is meant to restrict access to files like .htaccess (where present), .ini, and so on. Do you happen to know of a rewrite to the following snippet for NGINX that would do that without also blocking .well-known?
##
# Location Rules for All . Files
##
# Hide Dot Type Files For Security Reasons
# location ~* /\. {
# return 404;
# }