I run nginx as a reverse proxy for sites that use SSL. Normally I’m doing something a bit strange so it doesn’t quite work having certbot manage my configs. This will renew ssl certs at 3am each morning if needed.
0 3 * * 1 root /usr/bin/certbot --standalone renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" > /dev/null 2>&1