@Sanqui
Last active December 7, 2015 20:07
Setting up Let's Encrypt with nginx

The Let's Encrypt client doesn't have an automatic module for nginx yet. But don't worry, it's super easy anyway!

First of all, install letsencrypt-auto:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Next, we'll run letsencrypt-auto once with no action: this will only install dependencies.

./letsencrypt-auto --help

Hopefully, in a short while you should see the letsencrypt help and usage.

Now, let's get our certificate! Run the following:

./letsencrypt-auto certonly --webroot -w /path/to/example.com/ -d example.com

Make sure to fill in the correct path to the document root that your web server serves for this domain, and the domain you want to get this certificate for. If you want to get a single certificate for multiple domains, you can just include another -d parameter.

This will ask for your e-mail, then will verify that you own example.com and generate your certificate! The certificate and key will by default be put in /etc/letsencrypt/live/example.com/.

Finally, we'll edit our nginx.conf to serve over HTTPS.

Open /etc/nginx/nginx.conf in your favorite text editor and locate the server {} block for the domain(s) you want to add HTTPS for. Add the following lines inside the block:

        listen 443 ssl;
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Finally, restart nginx: service nginx restart.

(...Or if you're on an old Debian like me, sudo /etc/init.d/nginx restart. But don't be like me, upgrade!)

And that's it! Hopefully it worked. Check that your site is accessible over HTTPS!

Note that this cert will expire in three months, so consider setting up automatic renewal!
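
One way to set up the automatic renewal mentioned above, as an added example that is not part of the original gist: it re-runs the same certonly command only when the certificate is close to expiry, then checks the nginx configuration before restarting. The checkout path `/opt/letsencrypt`, the 30-day threshold and the `run` argument are assumptions; `--renew-by-default` is the client's flag for renewing an existing certificate without prompting.

```sh
#!/bin/sh
# Added example: renew the certificate from this guide only when it is close to expiry.
# Assumptions (not from the gist): LE_DIR, RENEW_DAYS and the "run" argument.

DOMAIN="example.com"
WEBROOT="/path/to/example.com/"      # same -w value used when the cert was issued
LE_DIR="/opt/letsencrypt"            # assumed location of the git checkout
CERT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
RENEW_DAYS=30                        # assumed threshold; the cert expires in three months

# needs_renewal CERT_PATH DAYS
# Succeeds (exit 0) when the certificate is missing, unreadable, unparsable or
# expires within DAYS days; fails (exit 1) when it is valid beyond that window.
needs_renewal() {
    [ -r "$1" ] || return 0
    # -checkend N exits 0 if the cert is still valid N seconds from now.
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Re-run the issuance command non-interactively, then restart nginx only if
# the configuration still parses, so a bad config never takes the site down.
renew_and_restart() {
    "$LE_DIR/letsencrypt-auto" certonly --webroot -w "$WEBROOT" -d "$DOMAIN" \
        --renew-by-default || return 1
    nginx -t || return 1
    service nginx restart
}

# Do nothing when sourced or run without arguments; cron calls "... run".
if [ "${1:-}" = "run" ]; then
    if needs_renewal "$CERT" "$RENEW_DAYS"; then
        renew_and_restart
    else
        echo "$CERT is valid for more than $RENEW_DAYS days; nothing to do."
    fi
fi
```

Because `--renew-by-default` requests a new certificate every time it runs, the expiry check is what keeps a daily or weekly cron entry from requesting certificates needlessly. Run it as root from cron with the `run` argument, since it reads `/etc/letsencrypt` and restarts nginx.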

Go forth and Let's Encrypt!

@Leopere
Leopere commented Dec 7, 2015

There is nothing wrong with Debian whatsoever. It's a great server distro. That said, if you're using CentOS or any variant using systemd, or if you're looking to restart nginx on edgier OSes:

systemctl restart nginx
