The 0.8 method won't work in 0.9, but I was able to get it working using a proxy server,
, which I installed on the same ubuntu server running bigbluebutton.
bbb.example.com.pem needs to be your private key concatenated with the public cert and the intermediate bundle, in that order, all in a single file.
(Using this method, you're basically offloading SSL for your server into this mitmproxy server, which receives all SSL requests, strips the SSL, and then forwards them on to the bigbluebutton web server running on port 80, completely unaware of what's going on. Nginx responds to mitmproxy which, before sending the response back to the client, edits the content of the response and changes the http URLs back to https, ensuring that the client continues talking to the proxy instead of moving over to nginx directly.)
However, there's a big downside to this: as far as nginx can tell, all the traffic is coming from localhost! This severely limits the usefulness of any logging nginx might do.