After installing certbot:
sudo service nginx stop
sudo ./certbot-auto certonly --standalone -d sub.example.com --standalone-supported-challenges http-01
sudo service nginx start
Modified the ngnix site conf:
server {
listen 80;
server_name sub.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name sub.example.com;
ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem;
passenger_enabled on;
rails_env production;
root /var/www/sub.example.com/production/public;
}
Then added a root crontab:
sudo crontab -e
0 4 * * * /home/stungeye/certbot/certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start" --quiet