Getting Bad Vibes

if you're an experienced admin for nginx or apache, you might want to look into letsencrypt client's webroot authentication plugin see Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain and Using the webroot domain verification method

With webroot authentication there's a clearer separation in that letsencrypt client doesn't actually touch your web configuration itself - instead it just validates the domain(s) when you pass the public web root path of your domain(s) to the letsencrypt client. So you can script and do the actual web server end configuration the way you want it setup and just point to the letsencrypt client obtained ssl certificate related files.

Letsencrypt client's webroot authentication plugin is what I am integrating into my own Centmin Mod Nginx LEMP web stack for Nginx vhost auto generation with Letsencrypt SSL certificate and auto renewal scripted support - latest progress (still waiting on ability to update registered LE account's email address Clarify the --email flag requirements? though and multi domain SAN SSL symlink directories ? · Issue #1260 · certbot/certbot · GitHub for multi-domain SAN ssl).