This page describes proxying several HTTPS subdomains to internal hosts behind your firewall through a single nginx reverse proxy that terminates TLS with Let's Encrypt certificates.

Install Nginx

sudo apt-get install nginx

Requesting your initial certificate from Let's Encrypt

(Please Modify sub.domain.com to your domain)

nano /etc/nginx/sites-available/host1

server {
    listen 80;
    server_name sub.domain.com;

    # Let's Encrypt fetches its HTTP-01 challenge tokens from this path
    location /.well-known {
        alias /var/www/sub.domain.com/.well-known;
    }

    # Left empty for now (nginx serves its default root); it becomes the
    # reverse-proxy location once the certificate has been issued
    location / {

    }
}

http://sub.domain.com/.well-known/acme-challenge/ is where the Let's Encrypt servers fetch the token files certbot writes to answer the HTTP-01 challenge, so port 80 of this name must be reachable from the internet (the validation servers ignore a firewall allow-list).

ln -s /etc/nginx/sites-available/host1 /etc/nginx/sites-enabled/host1
nginx -t && service nginx reload

Install Certbot

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

certbot-auto is a bootstrap script that installs its own Python virtualenv under /opt/eff.org/certbot/venv/ and runs as root, so verify the download against the GPG signature EFF publishes for it before executing it. It has since been deprecated; on current Debian/Ubuntu releases install the distribution's certbot package instead and replace ./certbot-auto with certbot in the commands below.

Create the webroot directory for the ACME challenge (certbot creates .well-known/acme-challenge/ beneath it; the nginx worker user must be able to read it)

mkdir -p /var/www/sub.domain.com/

Issue the certificate

(Run this as root from the directory where you downloaded certbot-auto; the script installs its virtualenv under /opt/eff.org/certbot/venv/ but is invoked from wherever you put it)

./certbot-auto certonly --webroot -w /var/www/sub.domain.com/ -d sub.domain.com

Your key, certificate, and certificate chain will now be placed in

/etc/letsencrypt/live/sub.domain.com/

The files in live/ are symlinks to the newest versions in /etc/letsencrypt/archive/, so always point nginx at the live/ paths; renewals then take effect with a plain reload.

Configuring nginx to use your certificate

(Please Modify sub.domain.com to your domain)

nano /etc/nginx/sites-available/host1

Add both the HTTP-to-HTTPS redirect and the TLS certificate paths

(Replace the proxy_pass address with the exact IP and port used internally to reach the server over plain http)

server {
    listen 80;
    server_name sub.domain.com;
    # Everything on port 80 is redirected to HTTPS; the ACME challenge is then
    # answered by the /.well-known alias in the HTTPS server below.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sub.domain.com;

    ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;

    # OCSP stapling: ssl_stapling_verify only works with the issuer chain in
    # ssl_trusted_certificate and a resolver for the OCSP responder lookup,
    # otherwise nginx logs a warning and serves no staple. (Let's Encrypt has
    # since dropped OCSP in favour of CRLs, so with current certificates these
    # four lines have no effect and can be omitted.)
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/sub.domain.com/chain.pem;
    resolver 127.0.0.1;   # use your own DNS resolver here

    access_log /var/log/nginx/sub.log combined;

    location /.well-known {
        alias /var/www/sub.domain.com/.well-known;
    }

    location / {
        proxy_pass http://192.168.1.x;
        # Tell the internal server the original host, client IP and scheme;
        # without these it sees every request as coming from the proxy over http
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

nginx -t && service nginx reload

Repeat the steps above for each host/subdomain you want to proxy, using a separate sites-available file per name.
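Since the two site files above are written by hand once per subdomain, the following shell function generates them from the hostname and backend URL. It is an added example, not part of the original page: it keeps the page's paths (/var/www/<fqdn>, /etc/letsencrypt/live/<fqdn>, /etc/nginx/sites-available/<fqdn>) but goes a little beyond the page's config in three ways, all assumptions of this example rather than the page's: it answers the ACME challenge directly on port 80 instead of after the redirect, it uses return 301 rather than rewrite, and it adds the proxy_set_header and ssl_protocols lines. The hostname and backend are checked before being written, because a value containing ';', '{', whitespace or '/' would otherwise change the meaning of the generated nginx syntax or the output path.

```shell
#!/bin/sh
# Generate the nginx site files this page builds by hand, once per subdomain.
#   gen_vhost bootstrap <sub.domain.com> -           -> plain :80 site for the ACME challenge
#   gen_vhost proxy     <sub.domain.com> <backend>   -> :80 redirect + :443 reverse proxy
# A 4th argument overrides the output directory (default /etc/nginx/sites-available).

gen_vhost() {
    stage=$1 fqdn=$2 backend=$3 outdir=${4:-/etc/nginx/sites-available}
    webroot="/var/www/$fqdn"
    certdir="/etc/letsencrypt/live/$fqdn"
    out="$outdir/$fqdn"

    # Only hostname characters, no leading dot or empty label: anything else
    # could break out of the nginx directive or of $outdir.
    case "$fqdn" in
        ""|*[!A-Za-z0-9.-]*|.*|*..*) echo "gen_vhost: bad hostname '$fqdn'" >&2; return 2 ;;
    esac
    [ -d "$outdir" ] || { echo "gen_vhost: no such directory $outdir" >&2; return 2; }

    case "$stage" in
    bootstrap)
        cat > "$out" <<EOF
server {
    listen 80;
    server_name $fqdn;
    # Let's Encrypt fetches HTTP-01 tokens from here; nothing else is served yet
    location /.well-known/acme-challenge/ {
        alias $webroot/.well-known/acme-challenge/;
    }
    location / { return 404; }
}
EOF
        ;;
    proxy)
        # Backend must be an http(s) URL made of URL-safe characters only
        case "$backend" in
            http://?*|https://?*) ;;
            *) echo "gen_vhost: backend must be http(s)://host[:port]" >&2; return 2 ;;
        esac
        case "$backend" in
            *[!A-Za-z0-9.:/_-]*) echo "gen_vhost: bad characters in backend '$backend'" >&2; return 2 ;;
        esac
        # nginx variables are escaped (\$) so the shell leaves them for nginx
        cat > "$out" <<EOF
server {
    listen 80;
    server_name $fqdn;
    # Renewals keep working over plain HTTP; everything else goes to HTTPS
    location /.well-known/acme-challenge/ {
        alias $webroot/.well-known/acme-challenge/;
    }
    location / {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name $fqdn;

    ssl_certificate $certdir/fullchain.pem;
    ssl_certificate_key $certdir/privkey.pem;
    # TLSv1.3 needs nginx >= 1.13 built against OpenSSL 1.1.1; drop it on older builds
    ssl_protocols TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/$fqdn.log combined;

    location / {
        proxy_pass $backend;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
        ;;
    *)  echo "gen_vhost: stage must be bootstrap or proxy" >&2; return 2 ;;
    esac
    printf '%s\n' "$out"
}
```

Typical use is gen_vhost bootstrap sub.domain.com -, then the ln -s, nginx -t and reload from above, then the certbot run, and finally gen_vhost proxy sub.domain.com http://192.168.1.x followed by another nginx -t and reload; the function prints the path it wrote so the symlink step can use it.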

Set up autorenewal for certificates:

nano /etc/crontab

Add the following line

(Replace /folder with the location of your certbot-auto script; certbot only renews certificates that are within 30 days of expiry, so the daily run is cheap and can be scheduled twice a day as certbot recommends)

47 4    * * *   root    /folder/certbot-auto renew --quiet --deploy-hook "service nginx reload"

--deploy-hook runs the command only after a certificate was actually renewed; it replaces the older --renew-hook spelling, which still works but is deprecated.
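The hook above reloads nginx unconditionally. The script below is an added example, not from the page, of a deploy hook that first checks the renewed files exist and that nginx -t still passes, so a broken site file added since the last reload does not turn a routine renewal into an outage. certbot exports RENEWED_LINEAGE (the live/ directory of the renewed certificate) and RENEWED_DOMAINS to deploy hooks; NGINX_BIN, HOOK_LOG and the script path /usr/local/sbin/safe-reload.sh are this example's own assumptions. It reloads via nginx -s reload rather than the page's service nginx reload so the binary can be substituted for testing.

```shell
#!/bin/sh
# /usr/local/sbin/safe-reload.sh (assumed path), used as:
#   certbot-auto renew --quiet --deploy-hook /usr/local/sbin/safe-reload.sh
# Reloads nginx only if the renewed lineage is complete and the config is valid.

safe_reload() {
    lineage=${RENEWED_LINEAGE:?RENEWED_LINEAGE not set: run this from certbot --deploy-hook}
    nginx_bin=${NGINX_BIN:-nginx}
    log=${HOOK_LOG:-/var/log/nginx/certbot-hook.log}
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)

    # 1. The renewed cert and key must both be readable before nginx re-reads them.
    for f in fullchain.pem privkey.pem; do
        if [ ! -r "$lineage/$f" ]; then
            echo "$stamp refuse reload: $lineage/$f missing or unreadable" >> "$log"
            return 1
        fi
    done

    # 2. Never reload into a broken config: nginx keeps the old workers running
    #    on a failed reload, which hides the error until the next restart.
    if ! "$nginx_bin" -t >/dev/null 2>&1; then
        echo "$stamp refuse reload: nginx -t failed (domains: ${RENEWED_DOMAINS:-?})" >> "$log"
        return 1
    fi

    "$nginx_bin" -s reload || return 1
    echo "$stamp reloaded nginx for ${RENEWED_DOMAINS:-?}" >> "$log"
}

# Act as the hook when executed directly; when sourced, only define the function.
case "$0" in */safe-reload.sh|safe-reload.sh) safe_reload ;; esac
```

The log line is the audit trail a renewal normally lacks: a "refuse reload" entry means the certificate on disk is newer than the one nginx is serving, which is exactly the state to alert on before the old one expires.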

Last modified: 2019/03/28 18:26