Folks might also want to look into letsencrypt client's webroot authentication plugin see
- http://letsencrypt.readthedocs.org/en/latest/using.html#plugins
- https://community.letsencrypt.org/t/letsencrypt-webroot-authentication-tested-on-beta-invited-whitelisted-domain/227612
- https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/144510
With webroot authentication there's a clearer separation in that letsencrypt client doesn't actually touch nginx configuration itself. Instead it just validates the domain(s) when you pass the public web root path of your domain(s) to the letsencrypt client. So you can script and do the actual nginx web server end configuration whichever way you want it setup and just point to the letsencrypt client obtained ssl certificate related files.
I think part of the problem is letsencrypt was only developed on Ubuntu, but there's a variety of ways that Nginx config files, structure can be setup across various OS platforms Ubuntu, Debian, RHEL, CentOS, Fedora and even within the same OS platform.
My personal vision of the letsencrypt nginx module would be to take advantage of letsencrypt webroot plugin for domain validation side and have custom code for setting up nginx ssl/http/2 vhost side to pointing to letsencrypt ssl certificates obtained. Unfortunately, the server vhost side has a variety of ways that can be configured.
Hope the info helps. Unfortunately, I am no python coder.