Well, the key is easy–it should be moto.courses.key. Nginx expects to see the intermediate cert(s) and server cert in the same file, and the output you posted from GetSSL is not at all clear about which file that would be, but my guess would be domain.pem, or possibly domain.crt.
The right file for nginx directive ssl_certificate is the one defined in DOMAIN_CHAIN_LOCATION variable, in your case domain.crt and this is what we call fullchain.
Do you know that you issued your cert against staging server instead of production?. I mean, your cert has been issued by Fake LE Intermediate X1 that is a test CA and is not valid. You should change the getssl configuration file.
Right now you should have this:
# The staging server is best for testing (hence set as default)
CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
And you should change it to use prod instead of staging and reissue your cert
# The staging server is best for testing (hence set as default)
#CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
CA="https://acme-v01.api.letsencrypt.org"