Getting trusted Let's encrypt-certificates for your domain has never been easier. Even easier than actually creating custom certificates for yourself. At least if you don't have a clue about certificates and such.
The setup for this blog for example: We have an apache2-server as gateway for our domains which (if needed) proxies the requests/responses to the actual server (like the local ghost install).
To get https enabled for your website 'certbot' will help you a lot.
There are actually a couple of ways how to achieve the retieval of the certificates. In the end most important for let's encrypt to give out a certificate for your domain is that you prove that you are the owner of the domain.
One possible way is certbot's webroot. In this 'handshake'-option you need just to give certbot the filesystem-rootpath that maps to your domain's http-port 80.
certbot certonly --webroot -w /var/www/example -d www.example.com
During the handshake some random data provided by let's encrypt is written to some random dot-prefixed folder and then checked if this data is accessible. That is enough as proof and you'll get the certificates ( /etc/letsencrypt ).
Since this certificates are only valid for 90-days you need to recreate them once they are invalid or are becoming invalid shortly.
This can be done by just calling
This is best to be done in a cronjob