First, I need to have certbot installed. I found the instructions here: https://linuxhostsupport.com/blog/install-lets-encrypt-ssl-certificates-using-certbot/

In a nutshell, I need to run these commands:

I also need to install the Nginx plugin for certbot, since my sites are managed by Nginx as a reverse proxy to Apache or to Gunicorn. So, I run this command:

Installing a New Certificate

To install a Let’s Encrypt certificate for a site managed by Nginx I need to run this command:

Had it been an Apache site (also without an Nginx proxy), the plugin parameter would have been --apache.

Certbot will ask me if I want the non-https traffic to be redirected to https. I give my consent.

Certbot finishes the certificate installation and I need to reload the Nginx server to activate the changes it made to the site configuration. These changes are marked with the managed by certbot comments.

Renewing the Certificates

First, I need to see which certificates are installed on the server. I run this command:

It generates this output:

Now, I can run the command to renew them:

This presents me with an authentication option to select:

I select the third option and provide the file system path when this prompt appears:

This allows certbot to verify the ownership and to update the certificates.

Once this is done, I need to restart the Apache server and reload Nginx to start using the updated certificates.
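
The certificate listing step above can also be used to decide which certificates actually need renewing. The script below is an added example, not part of the original post: it assumes the listing comes from `certbot certificates`, and the function names and the sample listing (domains, dates, paths) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that are invalid or close to expiry,
# based on the text printed by `certbot certificates`.

# Constructed sample listing (names, dates and paths are made up).
sample_listing() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2030-01-12 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/shop.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-11-02 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# Reads a listing on stdin and prints "<name> <status>" for every certificate
# that is invalid or has fewer than $1 days left (default: 30).
certs_needing_renewal() {
  awk -v limit="${1:-30}" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      if (match($0, /INVALID: [^)]+/)) {
        # Expired, revoked or test certificate: report the stated reason.
        print name, substr($0, RSTART + 9, RLENGTH - 9)
      } else if (match($0, /VALID: [0-9]+ day/)) {
        days = substr($0, RSTART + 7, RLENGTH - 11) + 0
        if (days < limit) print name, days "d"
      } else if ($0 ~ /VALID: [0-9]+ hour/) {
        # Less than a day left is reported in hours.
        print name, "<1d"
      }
    }'
}

# Demo on the constructed sample.
sample_listing | certs_needing_renewal 30
```

On a server, the same function can read the real listing: `certbot certificates 2>/dev/null | certs_needing_renewal 30`.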