I am not sure why you think it is "so complex"...?
It simply says: Serve requests for anything below
/.well-known/acme-challenge/ from this host, redirect everything else to
https://example.com/
Assuming the host where this is located is the
http://example.com host, this would allow LetsEncrypt authentication requests to be served here as required while redirecting everything else to the secure host.
As to why they did it this way rather than another, you would have to ask them (I have not visited the link), but probably because it is so simple.