On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx
Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation.
Due to a security issue, Let's Encrypt has stopped offering the mechanism that the Nginx plugin previously used to prove you control a domain. You can read more about this here.
We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain a certificate and cannot wait, you have a couple of options. If you're serving files for that domain out of a directory on that server, you can run the following command:
$ sudo certbot --authenticator webroot --installer nginx
If you're not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:
$ sudo certbot --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
Running either of these commands will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonlysubcommand. To see instructions on how to use this subcommand, select "None of the above" in the first drop-down menu above.
To learn more about how to use Certbot read our documentation.
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
$ sudo certbot renew --dry-run
More detailed information and options about renewal can be found in the full documentation.