Как поставить SSL на виртуальный сервер с Nginx?

Question

Эмиль Рахматуллин @Emchik

Что-то прикольное сделать могу

Linux
Nginx

Как поставить SSL на виртуальный сервер с Nginx?

Я настроил виртуальный сервер (сайт на Nuxt.js, работает на http). Поставил Certbot. Хотел выпустить сертификат Let's Encrypt, но получаю ошибку. О чём она говорит?

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for my-site.ru
http-01 challenge for www.my-site.ru
Waiting for verification...
Challenge failed for domain my-site.ru
Challenge failed for domain www.my-site.ru
http-01 challenge for my-site.ru
http-01 challenge for www.my-site.ru
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: my-site.ru
   Type:   unauthorized
   Detail: Invalid response from
   https://my-site.ru:443/.well-known/acme-challenge/nYNW-Vx96_2CQMCL7Z5ArzYQNAdwsH-rnkoyaeSOLg
   [2a00:f940:2:1:1:1:0:176]: 404

   Domain: www.my-site.ru
   Type:   unauthorized
   Detail: Invalid response from
   https://www.my-site.ru:443/.well-known/acme-challenge/eCfPCR1MG25SxFuRTkba6hVn45LU_YePcLPhhbT6kA
   [2a00:f940:2:1:1:1:0:176]: 404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Мой конфиг nginx (GNU nano 4.8 /etc/nginx/sites-enabled/my-site.ru):

map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}


  server {
    listen          80;                                 # the port nginx is listening on
    server_name     my-site.ru www.my-site.ru;    # setup your domain here

    gzip            on;
    gzip_types      text/plain application/xml text/css application/javascript;
    gzip_min_length 1000;

    location /.well-known {
        root /var/www/my-site.ru;
    }

    location / {
        expires $expires;

        proxy_redirect                      off;
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_read_timeout                  1m;
        proxy_connect_timeout               1m;
        proxy_pass                          http://127.0.0.1:3000; # set the address of the Node.js instance here
    }
}

PS: my-site.ru стоит, так как скрыл реальный адрес.