I do n’t understand why such troubles,
isn’t it better to make yourself a wildcard from LE and don’t worry?

LetsEncrypt knows how to use Wildcard
Well, look what kind of certificate the server gives you, so don't forget about the logs.
In the browser, well, or curl to help

* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=*.sysalex.com <-- раз
* 	start date: May 27 05:07:30 2019 GMT
* 	expire date: Aug 25 05:07:30 2019 GMT
* 	common name: *.sysalex.com <-- два
* 	issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US

server_name ~^(www\.)?(?.+)$; What kind of self-employment is this? why is this more?
Firstly, you violate the philosophy of nginx itself - the creator of nginx himself said more than once that !!!
I INTENTIONALLY did not introduce the normal use of variables in the configuration files, because where is it more correct to copy a piece of a file 10 times than to fill it with a variable, the admin will not break off to copy two lines.
And I can tell you that he is right.
2. When you generate a site, you do it anyway by some means, YOU DON'T WRITE ALL BY HANDS, WHEN THERE ARE MILLIONS OF WEB INTERFACES?
3. If you don’t have a problem with www, just make a link to the c www folder, and you don’t have to go out of your way.
4. Working with and without a certificate is fundamentally different, AT LEAST the fact that when you access via http, you first get the domain name and then work.
The HTTPS software first works with the keys, and only after that you can get at least a byte of information in this channel, including the site name. so do not invent a bicycle.
Generate configs for each site, and I would also recommend separately for http and https in this case, an error in one of them does not lead to a fall in the second interface.
well, the default config should be called 000-default... - where 000 indicates that it will be the first one when issuing (because as I described to you in paragraph 4, if the site does not have https, he can physically find out about this only after receiving the keys, as a result of the web the server will take the "nearest" and sort it exactly by letter;) 00 just the first;)
Well, it's a banal convenience, different sites require additional changes in the configs.
And therefore where in your model to write them?

server {
  listen 80;
  server_name ~^(www\.)?(?<domain>.+)$;
  root /var/www/users/$domain;
}

in the third line, they forgot the name of the regexp region, so $domain in some versions of nginx will be empty, in some it will swear at the wrong config and the processing of the instruction block is interrupted.
therefore it turns out that there is no certificate, as it were