I believe the video set up a cron job to tell Certbot to reissue a certificate to a mounted directory and presumably restart NGINX. Does that sound like a valid configuration?
If so, I'm thinking Certbot can run on a dedicated account and NGINX can be configured to look there (or else get a symbolic link) for the credentials. Any other reason Certbot would need elevated permissions?