CakePHP , nginx and letsencrypt, How to get sertificates?

Could somebody clarify How to get certificate from Lets’ encrypt?
As I understand letsencrypt script should creates folder under WEBROOT:
/webroot - but real HTTPDOC is here,
and when script try to access - directory it’s “403 Forbidden”

I see for Apache solution is:
Add “RewriteRule ^(.well-known/.*)$ $1 [L]” as the first rewrite rule in the root htaccess and the app/.htaccess

What do I have to do NGINX ?

Thank you.

I found solution.
We can create special folder like /var/www/letsencrypt
and redirect there for each domain/subdomain.