This is a quick guide, not meant for newbies and mostly as a public reference for me.
I've compiled this information from the certbot site, Debian's wiki and Raymii.org's excellent tutorials about HSTS and SSL Hardening. If you want details of what all this does, and why is it done, visit those sites.
Run the following commands as root:
Edit /etc/nginx/nginx.conf and search for the lines with the "SSL Settings" header:
Edit /etc/nginx/sites-available/default and add these lines on your "server" block:
Go to /etc/nginx/snippets and create the file certbot.conf with the following contents, modifying appropriately for your server:
That should do it, if you see any problem, please notify me via any channel.