Here on the certbot site https://certbot.eff.org/#ubuntutyakkety-nginx
it says that the system comes with a cron job already, but then it says that it’s highly recommended to take advantage of this feature. Does that mean we have to do something to enable the cron job? Or can we just install the certs and forget about it?
Check what you have in /etc/cron.d/ There should be a crontab (a file) called “certbot”. So it should be already working. You can test the actual renewal with certbot renew --dry-run as you probably already know.
And when the actual renewal should happen (within 30 days of expiration) you should check that your certificate is actually renewed.