Modify your nginx configuration to use the private key and certificate from /etc/nginx/my_site.com.key and /etc/nginx/my_site.com.cert respectively, and then reload nginx one more time.
The main thing this achieves is to reload nginx as necessary when the certificate renews … but you’re also not really supposed to directly use the key and certificate files from inside /home/User_1/.acme.sh, which is why the installation involves copying them elsewhere.
After I do the --install cert, in the future, will the default acme cronjob install the new renewed cert and reload nginx when it runs? Or do I need to create a cron script to do the --install and reload part?
Yep, that’s exactly the idea. It will remember how to install the certificate during the existing cronjob and you don’t need to schedule it separately.
Wondering what the best approach is to have my non-root user's cron be able to restart the nginx.service. The user is in sudoers but obviously still needs to type in the password to restart the service. (Or am I wrong in assuming that the cron job will need to restart nginx each time the cert updates?)
Thanks. I guess I misunderstood the docs when it told me not to use sudo, and thought they also meant not to use root. Obviously those two things are pretty different so I shouldn’t have assumed.