Because you haven’t used a second serverblock to house the SSL site’s configuration, the return 301 https://$server_name$request_uri; line redirects you to the SSL version of your site regardless of the scheme.

To rectify this, you can split the configuration into 2 server blocks, one for plaintext and another for SSL.

server { # Non-SSL configuration
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name work-bot.be-codified.com;

    return 301 https://$server_name$request_uri;
}

server { # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name work-bot.be-codified.com;

    include snippets/ssl-work-bot.be-codified.com.conf;
    include snippets/ssl-params.conf;
}

(NOT RECCOMENDED) OR you can put the non-SSL specific configuration inside and if block, and that would make it apply only over http (or vice versa). Note that if blocks are generally not a good idea to use for reasons outlined in https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name work-bot.be-codified.com;

    if ($scheme = "http") { # Only redirect if not using SSL
        return 301 https://$server_name$request_uri;
    }

    # SSL configuration
    #
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-work-bot.be-codified.com.conf;
    include snippets/ssl-params.conf;
}