Hi @MikeMcQ,
Thanks for the helpful reply and for pointing out the systemd timer! 
By “manual triggers,” I meant I’ve had to manually run certbot renew for some domains because the cron job I set up fails due to config mismatches (e.g., nginx not finding certain domain configs). I wasn’t aware the systemd timer was already handling renewals—good catch!
I ran sudo certbot renew --dry-run as suggested, and here’s the output snippet:
Processing /etc/letsencrypt/renewal/example.com.conf
- Cert not due for renewal, but simulating renewal for dry run
- nginx: [error] invalid server_name or missing server_name directive
Seems nginx is tripping up on a few domains. Any tips for fixing nginx config errors during renewals? Should I tweak the renewal conf files or adjust nginx server blocks?
Appreciate your guidance!
Best,
David James