Configuring Let's Encrypt with Nginx

If you want an A+ score on Qualys SSL Labs, then this is what you'll need to do. We assume you have already installed Let's Encrypt and are ready to retrieve your certificates

0. Install git if you haven't already.
1. git clone https://github.com/letsencrypt/letsencrypt
2. Upload all the files (the letsencrypt folders should overlap, and they expect to be in your home folder, as does the .bash_aliases file).
3. Execute ./Generate.sh (you may need to mark it as executable first with chmod 755 Generate.sh. As it will warn, this will take a while. Have a seat.
4. When you've gone and made something in the 15 minutes that could well take, or you've just set up a new SSH session, replace the instances of example.com in nginx.conf with your actual domain name.
5. Now it's time to get your certificates with renew-ssl example.com -d www.example.com It will ask for the root password, and an email address, so hang around, it shouldn't take more than a few seconds. Sub-domains will just be renew-ssl sub.example.com
6. Optional: Pick a cipher list. We default to Mozilla's Recommendation for Modern Browsers, but leaving TLSv1 enabled. If you want 100% in all caegories, you'll need to enable the first cipher list (and disable the other), plus remove TLSv1 and TLSv1.1 from the protocols line.
7. All that's left is to either move or symlink to your Nginx configuration, before testing it with sudo nginx -t and reloading the configuration with sudo service nginx restart
8. Profit (or not, it's free, who cares!)