Я себе пару скриптов написал:
addnew.sh
#!/bin/bash
# Usage:
# sudo ~/letsencrypt/addnew.sh domain.ru
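set -e

# First positional argument: the bare domain (without "www.") to request a
# certificate for. Abort with a usage hint rather than calling the ACME client
# with an empty -d value.
DOMAIN="${1:?usage: addnew.sh domain.ru}"

# The value is placed on a command line that runs as root and into the nginx
# paths printed below, so accept only a plain DNS name: dot-separated labels of
# letters, digits and hyphens, each starting and ending with a letter or digit.
# This also rejects values beginning with "-" that would be read as options.
domain_re='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  printf 'addnew.sh: not a valid domain name: %s\n' "$DOMAIN" >&2
  exit 2
fi

# Request one certificate covering both the bare domain and its www. alias,
# answering the HTTP-01 challenge from the nginx webroot.
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d "${DOMAIN}" -d "www.${DOMAIN}"

# The ssl_dhparam line printed below refers to this file, which this script
# does not create. Generate it once (command kept commented out, as in the
# original) before adding the directive to the nginx config.
#openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096

# Unquoted here-doc so that ${DOMAIN} is expanded; inside the original
# single-quoted string the literal text "${DOMAIN}" was printed instead.
cat <<EOF

*********************************************************************
NGINX config add:
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
ssl_dhparam /etc/pki/nginx/dhparam.pem;
*********************************************************************

EOF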
letsencrypt.cron.sh
#!/bin/bash
# This script renews all the Let's Encrypt certificates with a validity < 30 days
# Usage:
# run command:
# sudo crontab -e
# add string
# @daily /home/vpsuser/letsencrypt/letsencrypt.cron.sh
# run command:
# chmod +x /home/vpsuser/letsencrypt/letsencrypt.cron.sh
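# Resolve nginx up front but do not fail yet: renewal must still be attempted
# even if the binary is not on cron's PATH.
NGINX=$(command -v nginx || true)

# Run the renewal, keeping the client's full output in a log file. On failure
# print the log so that cron includes it in its mail, and stop.
if ! /usr/bin/letsencrypt renew > /var/log/letsencrypt/renew.log 2>&1; then
  echo Automated renewal failed:
  cat /var/log/letsencrypt/renew.log
  exit 1
fi

# With an empty NGINX the original ran "-t" as a command and skipped the
# restart with no clear message, so nginx kept serving the old certificate.
# Report the problem explicitly instead.
if [[ -z "$NGINX" ]]; then
  echo "nginx binary not found in PATH ($PATH); renewed certificates were not loaded" >&2
  exit 1
fi

# Restart only when the configuration passes the syntax test, so a broken
# config cannot take the running server down.
if ! "$NGINX" -t; then
  echo "nginx configuration test failed; nginx was not restarted" >&2
  exit 1
fi
service nginx restart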
Ну и Nginx:
default.conf
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.php;
server_name _;
location / {
try_files $uri $uri/ =404;
}
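# For LetsEncrypt: https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/
# Serves ACME HTTP-01 challenge files from the server's root (/var/www/html).
# A "^~" prefix match replaces the regex: the unanchored pattern
# "/.well-known/acme-challenge" matched that text anywhere in the URI and
# treated "." as "any character". "^~" also stops a later regex location from
# taking over these requests.
location ^~ /.well-known/acme-challenge/ {
    allow all;
}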
}
Ну и документация:
https://gist.github.com/yarkovaleksei/2c6c96222924...