I have been using a LetsEncrypt cert for my website for a number of years and have it set to auto renew using the cron job below. I want to enable HSTS now and was wondering if I simply add --hsts to the cronjob command or if there is any additional configuration that is required? How do I specify the timeframe also, i.e. 1 year? I have an Ubuntu 20.04 server running Apache.
Please don't ever use --force-renewal in a cron job!!! That's a very, VERY bad idea. Please remove it immediately! Why would you do that anyway?!?
To answer your HSTS question:
HSTS is just a header send by the webserver, not a property of the certificate. You might be able to set this header (but I'm not sure) by using the install subcommand of Certbot in combination with the --hsts option. But I don't know how you got and installed the certificate in the first place, so I can't provide an exact command for you.
Undocumented indeed. The --hsts option isn't mentioned in the enhance section, only in the security section, which isn't a subcommand to begin with. So I guessed install. I guess I guessed wrong.