On Ubuntu, you can easily setup a daily job that tries to renew almost-expired Let’s Encrypt certificates.
#!/bin/bash certbot renew service nginx reload
After that, sudo
chmod a+x /etc/cron.daily/renewcerts.
Now you should verify that the script would actually run:
run-parts --test -v /etc/cron.daily
should print, among other lines, this line:
IMPORTANT: You still need to run
certbot renew manually every 1-2 months to check if there are any errors that might prevent certs from being renewed.
NOTE: Since the script is calling
service nginx reload, you need to ensure that your nginx config files are not left in a broken state for too long if you edit them. Use
sudo nginx -t to check for errors after you edit them. Also note that if you make nginx config changes, the script might unintentionally apply them to your productive HTTP/HTTPS server!