I run quite a few websites now, and I decided it was probably time I stopped editing nginx configuration files on the server, reloading nginx, and seeing what happened. I came across a post from Tyler Gaw, which explained a setup fairly close to what I wanted. My setup's a little different, so I thought I'd write about how I got it working.
I've started using Let's Encrypt a lot, for all my domains in fact. Previously, I'd been using letsencrypt-auto, and stopping my webserver every time I wanted to renew a certificate. This is probably fine (all the sites and domains I run are low traffic, and can afford to be down for 30s or so when certificates need renewing every few months), except a flaw in my process for renewing certificates meant I took my webserver down for 12 hours or so. Twice.
I've recently started launching WordPress sites - starting with Talitha, and now this site. In my haste to move a few sites that seemed like they'd work better as WordPress sites, I appear to have overloaded my single Digital Ocean droplet, so it's time to spin up a new one.
I was a very happy user of Cloudflare for a year or so, primarily after hearing about Universal SSL, following a failed attempt to get an SSL setup which SSL Labs approved of. I felt uneasy about it - it seemed like I was intentionally MITM'ing all my sites by passing them through Cloudflare's network.