Find out certs on the system:
certbot certificates
Renew cert:
# having --nginx allows us avoid disabling of the nginx webserver in order to accept ACME challenge on port 80
# --standalone would require disabling nginx
certbot certonly --nginx -d mydomain.com
Configuring nginx to use specific cert (excerpt from nginx.conf):
server {
server_name mysite.com;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
if we'd like a redirect from http to https in nginx,
server {
listen 80;
listen [::]:80;
server_name mysite.com;
if ($host = mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot