apt-get install python-software-properties
apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot 

certbot certonly --standalone -d XXX.com

root@iZ2zedq9lexkebewgjhhwzZ:/etc/letsencrypt# certbot certonly --standalone -d  51best.site
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for XXX.com
Waiting for verification...
Cleaning up challengesIMPORTANT NOTES:- Congratulations! Your certificate and chain have been saved at:/etc/letsencrypt/live/XXX.com/fullchain.pemYour key file has been saved at:/etc/letsencrypt/live/XXX.com/privkey.pemYour cert will expire on 2017-12-27. To obtain a new or tweakedversion of this certificate in the future, simply run certbotagain. To non-interactively renew *all* of your certificates, run"certbot renew"- If you like Certbot, please consider supporting our work by:Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donateDonating to EFF:                    https://eff.org/donate-le

listen 80 ;listen       443 ssl;
ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
listen [::]:443 ssl ipv6only=on;

listen       443 ssl;
ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
listen [::]:443 ssl ipv6only=on;

server {listen 80;server_name XXX.com;rewrite ^(.*) https://$server_name$1 permanent;
}

/etc/init.d/nginx restart

certbot renew --dry-run certbot renew

nginx -c /etc/nginx/nginx.conf