See article here for more info.

---
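# Provision an apt-based host to serve a static, Jekyll-generated site with
# NGINX, then request and install a Let's Encrypt certificate through Certbot's
# nginx plugin.
#
# Placeholders to replace before running: yourdomain.com, admin@yourdomain.com
# and ~/.ssh/your-ssh-key.pub.
- name: Configure NGINX and Certbot to host jekyll-generated websites.
  hosts: yourdomain.com
  # NOTE(review): the play connects directly as root, so root SSH login must be
  # enabled on the target. Consider an unprivileged remote_user with `become`
  # once the host is bootstrapped.
  remote_user: root

  tasks:
  - name: add deploy group
    group:
      name: deploy
      state: present

  # Unprivileged account that uploads the built site. No key pair is generated
  # on the server; access is granted only through authorized_keys below.
  - name: add deploy user
    user:
      name: deploy
      groups:
        - deploy
        - www-data
      generate_ssh_key: false
      createhome: true
      shell: /bin/bash

  # Modes are quoted so they reach Ansible as octal strings, not YAML integers.
  - name: ensure ssh directory presence for deploy user
    file:
      path: /home/deploy/.ssh
      state: directory
      mode: "0700"
      owner: deploy
      group: deploy

  # The `file` lookup runs on the control node, so the public key is read from
  # the operator's machine, not from the target host.
  - name: Set up authorized_keys for the deploy user and add your key
    authorized_key:
      user: deploy
      key: "{{ lookup('file', '~/.ssh/your-ssh-key.pub') }}"

  # deploy owns the web root and can write to it; group and others, which
  # includes the www-data group set here, get read and traverse access only.
  - name: create site directory
    file:
      path: /var/www/yourdomain.com
      owner: deploy
      group: www-data
      mode: "0755"
      state: directory

  - name: update apt
    apt:
      update_cache: true

  - name: install nginx
    apt:
      name: nginx
      state: present

  - name: install certbot
    apt:
      name: certbot
      state: present

  - name: install python3-certbot-nginx
    apt:
      name: python3-certbot-nginx
      state: present

  # NOTE(review): certbot's nginx installer normally edits this vhost in place
  # to add the TLS listener. Re-running the play rewrites the file with the
  # HTTP-only content below, and the certbot task at the end then has to
  # install the certificate again. Confirm this is the intended re-run flow.
  - name: add nginx vhost config
    copy:
      dest: "/etc/nginx/sites-available/yourdomain.com"
      owner: root
      group: root
      # Was an unquoted `644`: YAML reads that as decimal 644, which Ansible
      # applies as octal 1204 instead of rw-r--r--.
      mode: "0644"
      content: |
        server {
          listen 80;

          server_name yourdomain.com www.yourdomain.com;

          root /var/www/yourdomain.com;

          index index.html;

          expires 1d;
        }

  - name: enable site
    file:
      src: /etc/nginx/sites-available/yourdomain.com
      dest: /etc/nginx/sites-enabled/yourdomain.com
      state: link

  # The HTTP vhost must be live before certbot runs so the nginx plugin can
  # find the matching server block.
  - name: reload nginx
    service:
      name: nginx
      state: reloaded

  # `command` replaces `shell`: the invocation uses no shell features, so no
  # shell is needed to interpret the argument string.
  # -n runs non-interactively, --agree-tos accepts the subscriber agreement and
  # -m sets the contact address.
  # NOTE(review): this task runs on every play and always reports "changed".
  # No --redirect/--no-redirect is passed, so whether port 80 keeps serving
  # plain HTTP depends on the installed certbot's default. Confirm, and set the
  # flag explicitly if HTTPS-only is required.
  - name: run certbot for site
    command:
      cmd: >-
        certbot -n --nginx --agree-tos
        -m admin@yourdomain.com
        -d yourdomain.com -d www.yourdomain.com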