Nginx + HTTPS
Fairly straightforward:
# pkg install nginx lego
Enable Nginx:
# ln -s /etc/sv/nginx /var/service
Add a server block, either directly in /etc/nginx/nginx.conf or in a separate
file under /etc/nginx/conf.d/ (add include /etc/nginx/conf.d/*.conf; to
nginx.conf to split your config into files), containing the following location:
location /.well-known/acme-challenge {
    root /var/acme/webroot;
}
Issue a certificate with lego
Creating a distinct user and group is advised:
# addgroup -g 443 -S acme
# adduser -h /var/acme -s /sbin/nologin -u 443 -S -G acme acme
$ lego \
    --email='changeme@example.com' \
    --domains='example.com' \
    --http.webroot=/var/acme/webroot/ \
    --http run
Automatic renewal
Adjust the crontab for the acme user with: crontab -e -u acme
And add the line:
<minute> <hour> * * * lego --email='changeme@example.com' --domains='example.com' --http.webroot=/var/acme/webroot/ --http renew
Be sure to set the minute and hour to something other than midnight and the 0th minute to help reduce load on the ACME servers.
Nginx also needs to be told to reload so that it picks up a renewed certificate. You can add:
@daily nginx -s reload
to root's crontab to accomplish this.
Certificate configuration
Assuming example.com, add the following to your Nginx's server block:
listen 443 ssl;
ssl_certificate /var/acme/.lego/certificates/example.com.crt;
ssl_certificate_key /var/acme/.lego/certificates/example.com.key;
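Putting the challenge location and the certificate lines together, a complete pair of server blocks could look like the following. This is an added example, not part of the original page; the server_name lines, the HTTP-to-HTTPS redirect, the ssl_protocols setting and the /var/www/example.com content root are assumptions.

```nginx
# Port 80: answers ACME HTTP-01 challenges, redirects everything else.
server {
    listen 80;
    server_name example.com;

    # lego writes challenge tokens below this directory (--http.webroot),
    # so it must stay reachable over plain HTTP for issuance and renewal.
    location /.well-known/acme-challenge {
        root /var/acme/webroot;
    }

    # Assumption: all other plain-HTTP requests are sent to HTTPS.
    # A literal host name is used rather than the client-supplied Host header.
    location / {
        return 301 https://example.com$request_uri;
    }
}

# Port 443: TLS using the certificate and key that lego stores
# under the acme user's home directory.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /var/acme/.lego/certificates/example.com.crt;
    ssl_certificate_key /var/acme/.lego/certificates/example.com.key;

    # Assumption: only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumption: placeholder content root, adjust to your site.
    root /var/www/example.com;
}
```

Run nginx -t before nginx -s reload to confirm the configuration parses and that the certificate and key files can be read.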