You could do that, it's true. That said I'd like to kinda shunt people away from NginX. To hell with it and its antiquated ways. (okay okay, that is harsh-- it's very good at what it does and most likely it will continue doing that even a decade from now.)
Anyway, try out Caddy. I use Caddy in front of my web applications, which I run in the wonderful isolation of Docker containers, and caddy slaps an automatically generated SSL/TLS cert on them, yay! If you're running without encryption, you no longer have any excuse. Both Caddy and Let's Encrypt have made trivial work out of the previously quite harsh process of getting your site secured.