Ever wondered why you ran into a
SEC_ERROR_EXPIRED_CERTIFICATE or something
You surely set up the automatic certificate renewal with certbot correctly.
But did you also reload your web server?
nginx loads the certificate files only on startup, so it won’t use the new ones
if not explicitly told to do so.
A quick fix is to add
&& service nginx reload at the end of the certbot cron
The line should look something like this:
*/12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl-e 'sleep int(rand(43200))' && certbot -q renew && service nginx reload
This will prevent the above mentioned errors in the future. Nginx will be notified to reload all config files and certificates after certbot successfully renewed all certificates.