Simple guide

sudo apt update
sudo apt-get install letsencrypt

input your params below.

sudo certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.example.com

Go to your DNS provider portal and add a text record for the string above and save…

Check that it woked

sudo certbot certificates

add renew to crontab

0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log

Add to nginx config in site config u want ssl in server section

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/XXXXXXXXXXXXXX.se-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXXXXXXXXXXXXX.se-0002/privkey.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;