In my last article I TLDR’d how I got Let’s Encrypt set up for https://marcinkowski.ca and https://analytics.marcinkowski.ca.

Getting automatic renewals set up using certbot is pretty straightforward. I collected the following from a couple of places, including the github:certbot/docs/using.rst#Renewal

Add a twice daily cron entry for certbot to check for renewals:

    30   6/18 * *   *     /opt/certbot/certbot-auto -q renew --post-hook "service nginx reload"

The --post-hook "service nginx reload" will reload Nginx’s config only if a certificate renewal is performed. You can check on this by adding -v to the call to /opt/certbot/certbot-auto and see the logging output stating that no renewals were attempted.

No renewals were attempted.
2016-07-01 20:09:54,088:INFO:certbot.hooks:No renewals attempted, so not running post-hook