The default for
--keep-until-expiring (I’m assuming you mean that one) is to renew 30 days before expiration.
--renew-by-default will always issue a new certificate.
The main advantage of using
--keep-until-expiring is that you can simply run the cron daily and it will handle the “renew after 60 days” recommendation for you (without having to add your own checks or more complicated cron rules).
Additionally, it’s going to be more resilient to run a daily cronjob in case of intermittent errors as opposed to running it once every 30, 60 or 90 days. If something goes wrong on day 60 since your last renewal due to e.g. an outage, it’s likely it will work on the next day or at least at some point before the certificate expires.