-
Install Certbot (via https://certbot.eff.org/)
-
Insert this into
/etc/crontab
:/usr/local/bin/certbot-auto renew --renew-hook "service nginx reload" --no-self-upgrade -v >> /var/log/letsencrypt/renew.log 2>&1
Check to make sure everything is working okay. This should cause nginx to auto-reload whenever there's a new cert.