Certbot will prompt whether to run the hook during --dry-run or not. Okay to choose "D" for Do not run. This reload hook is not needed for --dry-run only for actual renewals.
And one more minor thing. In this server block you should un-comment the line for IPv6 listen. You are listening for IPv6 on port 443 and best to be consistent.
You are not using IPv6 today so it is not essential but when you do this would cause peculiar problems to leave it commented out here.
server {
listen 80;
#listen [::]:80; # <--- uncomment this line
#server_name _;
server_name cbe30c15fb7f.sn.mynetname.net;
# sudo certbot reconfigure --cert-name cbe30c15fb7f.sn.mynetname.net --deploy-hook 'systemctl reload nginx'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You are attempting to set a --deploy-hook. Would you like Certbot to run deploy
hooks when it performs a dry run with the new settings? This will run all
relevant deploy hooks, including directory hooks, unless --no-directory-hooks is
set. This will use the current active certificate, and not the temporary test
certificate acquired during the dry run.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(R)un deploy hooks/(D)o not run deploy hooks: D
Simulating renewal of an existing certificate for cbe30c15fb7f.sn.mynetname.net
Successfully updated configuration.
Changes will apply when the certificate renews.
Yes the reconfigure looked perfect. You could disable ipv 6 listen on port 443 also. It is just best for both of them to be consistent how they handle that. You can certainly add the listens once you do start supporting that.