
From: Dalibor Sojic
Date: 1/10/23 7:03 AM
Topic: Problem with generating ssl
Type: General Discussions

I have a web application on the server. Like any web application, it needs to send e-mails. Using third-party services (SendGrid and similar) is not an option.

I have installed Xeams, but I cannot request Let's Encrypt SSL.

The frontend application is already using Let's Encrypt. The nginx configuration is the following:

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

So, the root path is different than acme-challenge.

Please keep in mind implementing advanced configuration.


From: Synametrics Support
Date: 1/10/23 9:44 AM
Topic: Problem with generating ssl
Type: General Discussions

You have two options when using Let's Encrypt:

  • Option 1 - Mount an SMB drive referring to the /var/www/certbot folder from your NGINX box to the machine where Xeams is running. Let's say the mounted path on Xeams is /mnt/fromNginx.

    Next, use HTTP - Other for Challenge Type in Xeams when configuring Let's Encrypt and specify /mnt/fromNginx as the Root Path. This will cause Xeams to put the challenge file on the machine where NGINX is running, and the Let's Encrypt server will be able to satisfy the challenge/response.

  • Option 2 - Reuse the existing certificate from your NGINX box. You will have to convert the final certificate from PEM to PKCS12 format using openssl. I recommend you write a script to do this conversion and call it after your NGINX box creates a new cert.

Question: Why do you need an SSL cert if all you're doing is sending emails from a local webserver to Xeams? That communication happens inside your LAN and, therefore, should not matter even if SSL is not used or the certificate is self-signed.

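The conversion script suggested in Option 2, as an added example that is not part of the original posts or Synametrics' own code. It assumes certbot manages the certificate on the NGINX box (fullchain.pem and privkey.pem in the lineage directory, RENEWED_LINEAGE set in the deploy hook); the output path, the password file path and the alias "xeams" are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: convert a renewed PEM certificate to PKCS12 for Xeams.
# Usage: pem_to_pkcs12 <dir with fullchain.pem + privkey.pem> <out.p12> <password file>
pem_to_pkcs12() (
    # Body runs in a subshell, so umask and variables do not leak to the caller.
    src=$1 out=$2 passfile=$3
    umask 077                       # key material: owner-only files
    cert="$src/fullchain.pem"
    key="$src/privkey.pem"
    [ -r "$cert" ] && [ -r "$key" ] && [ -r "$passfile" ] || {
        echo "missing input file" >&2; exit 1; }

    # Refuse to export if the private key does not belong to the leaf certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$key" -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "certificate and key do not match" >&2; exit 1; }

    # Build in a temp file beside the target, so a failed run never
    # replaces a working keystore.
    tmp=$(mktemp "$out.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    # The password is read from a file so it never appears in the process list.
    openssl pkcs12 -export -in "$cert" -inkey "$key" -name xeams \
        -out "$tmp" -passout "file:$passfile" || exit 1
    # Confirm the result parses with that password before swapping it in.
    openssl pkcs12 -in "$tmp" -passin "file:$passfile" -noout || exit 1
    mv -f "$tmp" "$out"
)

# certbot sets RENEWED_LINEAGE when it runs a deploy hook.
# Both paths below are hypothetical placeholders; adjust them to your setup.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    pem_to_pkcs12 "$RENEWED_LINEAGE" /mnt/xeams-certs/xeams.p12 \
        /root/.xeams-p12-pass
fi
```

The password file should be readable only by the account that runs the hook, and the same password is what gets entered in Xeams when the PKCS12 file is loaded.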