Just an update; I have been using this (on Debian) like it.
Basically whenever I want to issue a certificate for a domain, I run something like:
sudo certbot certonly -d mydomain.com,www.mydomain.com --cert-name mydomain.com
It runs through a few steps, prompting me for a few choices, and in the saves the certificates in:/etc/letsencrypt/live/mydomain.com/
Using nginx, I would just have to find the configuration for my virtual host (in /etc/nginx/sites-enabled), and add this in the server block:
# listen for SSL connections
listen 443 ssl;
listen [::]:443 ssl;
# point nginx to certificates
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
Certbot will also make sure that the certificates are automatically renewed. I can list all certificates like that:
sudo certbot certificates
There should be a nginx module which would automate the process of updating the nginx configuration, I guess, but it does not seem to be included in my build, for some reason.
It's OK, the process is still much better then the manual procedure with apache and openssl.