Let's Encryptから無料・安全なSSL証明書を取得してNginxに設定するまで ref: http://qiita.com/dseg/items/908c1b8aab19a5b26d92

file0.txt

git clone https://github.com/letsencrypt/letsencrypt

# or
wget https://github.com/letsencrypt/letsencrypt/archive/master.zip
unzip master.zip

cd letsencrypt

file1.txt

./letsencrypt-auto --help

file2.txt

./letsencrypt-auto certonly -a standalone --server https://acme-v01.api.letsencrypt.org/directory \
 --agree-dev-preview -d <<YOUR DOMAIN NAME>>
# <<YOUR DOMAIN NAME>> をあなたのドメイン名に置き換えて下さい

file3.txt

./letsencrypt-auto --renew certonly -a standalone --server https://acme-v01.api.letsencrypt.org/directory \
 --agree-dev-preview -d <<YOUR DOMAIN NAME>>

file4.txt

./letsencrypt-auto --duplicate certonly -a standalone --server https://acme-v01.api.letsencrypt.org/directory \
 --agree-dev-preview -d <<YOUR DOMAIN NAME>>

file5.txt

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/shield.jp/fullchain.pem. Your cert will
   expire on 2016-02-10. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.

file6.conf

sudo vi /usr/local/openresty/nginx/conf/nginx.conf

Server {
     listen       443 ssl;
     server_name  shield.jp;

     ssl_certificate /etc/letsencrypt/live/shield.jp/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/shield.jp/privkey.pem;

     ssl_session_cache   shared:SSL:3m;
     ssl_buffer_size     8k;
     ssl_session_timeout 10m;

     # ... 後略 ...
}

file6.txt

sudo ls /etc/letsencrypt/live/<<YOUR DOMAIN NAME>>

cert.pem   fullchain.pem  chain.pem   privkey.pem

file7.conf

sudo vi /usr/local/openresty/nginx/conf/nginx.conf

Server {
     listen       443 ssl;
     server_name  shield.jp;

     ssl_certificate /etc/letsencrypt/live/shield.jp/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/shield.jp/privkey.pem;

     ssl_session_cache   shared:SSL:3m;
     ssl_buffer_size     8k;
     ssl_session_timeout 10m;

     # ... 後略 ...
}