====== lets encrypt ======
<sxh bash>
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/mysite.com/htdocs -d a.mysite.com -d b.mysite.com
</sxh>
files are added to /etc/letsencrypt/live/a.mysite.com

====== Nginx ======

<sxh bash>
server {
    listen      80;
    server_name a.mysite.com;
    rewrite     ^   https://$server_name$request_uri? permanent;
}

server {
listen 443 ssl;
.....
ssl_certificate /etc/letsencrypt/live/a.mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/a.mysite.com/privkey.pem;
....
</sxh>

{{tag>http ssl nginx}}