Бесплатный ssl-сертификат на один домен


/etc/init.d/vz stop
/etc/init.d/nginx stop
mkdir /git_cert
cd /git_cert/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth


Далее указываем имя домена с обязательным пробелом после имени
Если все хорошо, на выходе будет сообщение:
IMPORTANT NOTES:
— Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/dobro.in/fullchain.pem. Your cert will
expire on 2016-02-04. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.

теперь можем записывать в nginx:

server {
    listen 443 ssl;
    server_name dobro.in;
    ssl_certificate /etc/letsencrypt/live/dobro.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dobro.in/privkey.pem;
....
    listen *:80;
    server_name www.koldaev.com koldaev.com blog.koldaev.com;
    return 301 https://$host$request_uri;

и стартовать виртуалки с nginx:
/etc/init.d/vz start
/etc/init.d/nginx start