My web server is (include version): nginx / 1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.04
My hosting provider, if applicable, is: DigitalOcean
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.4.0
I am looking for clarification on initial setup and renewal of certificates.
When running sudo certbot --nginx, my nginx ssl server block is modified, adding certificates as expected, but my non ssl block is also modified, redirecting all non ssl traffic to the ssl server block, which is not desired but not a major issue as it's easy to edit out.
My understanding is that if I want auto renewal set up where nginx's configuration will be reloaded on renewal of the certificate, then I need to include the --nginx option or else I must manually set up renewal hooks - is this correct?
If the --nginx option is specified on initial setup, when the certificate is auto-renewed will my non ssl server block be modified as it was in initial setup, or will nginx only be reloaded? I.e., will the forced redirection of non-ssl to ssl be reinserted (this will be undesirable)?
On initial setup, what are the implications of running with both certonly and --nginx (sudo certbot certonly --nginx)? Do I just need to edit the server block and update the certificate paths? Or is this not a good idea?
Finally, currently my renewable parameters (in /etc/letsencrypt/renewal/) show
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa
Does this mean that on renewal nginx will automatically receive a reload signal? I ask as nowhere do I see an actual hook issuing a reload command.
Thanks