Let's Encrypt renewal simulation problem

Hi @blaja,

Change it to this:

```
# renew_before_expiry = 30 days
version = 0.17.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = xxxxxxxxxxxxxxxxxxxxxxxxx
authenticator = webroot
rsa_key_size = 2048
installer = None
[[webroot_map]]
example.com = /path/to/example.com/webroot
```

If your certificate is currently covering more domains, like www.example.com, in section [[webroot_map]] you need to write a line for each of them pointing to the webroot used in your nginx conf.

```
[[webroot_map]]
example.com = /path/to/example.com/webroot
www.example.com = /path/to/www.example.com/webroot
```

Also, it is a good idea to reload your nginx service once the renewal is being processed.

```
post_hook = service nginx reload
```

or

```
post_hook = systemctl reload nginx
```

or whatever your system uses to reload it.

Example with 2 domains (example.com and www.example.com) and reloading nginx using service once the cert is renewed:

```
# renew_before_expiry = 30 days
version = 0.17.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = xxxxxxxxxxxxxxxxxxxxxxxxx
authenticator = webroot
rsa_key_size = 2048
installer = None
post_hook = service nginx reload
[[webroot_map]]
example.com = /path/to/example.com/webroot
www.example.com = /path/to/www.example.com/webroot
```

Cheers,
sahsanu

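A pre-flight check for the file layout described in the post above, added here as an example (it is not sahsanu's or certbot's code): it parses a renewal file of this shape and lists the certificate names that have no `[[webroot_map]]` line. The function names and the sample file are constructed for illustration, and the check assumes the webroot is configured only through `[[webroot_map]]`, as in the post.

```python
import re

# Constructed sample: a renewal file whose [[webroot_map]] misses one name.
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.17.0
[renewalparams]
authenticator = webroot
installer = None
[[webroot_map]]
example.com = /path/to/example.com/webroot
"""

def parse_renewal_conf(text):
    """Parse top-level keys, [section] and [[subsection]] into nested dicts."""
    root = {}
    stack = [root]  # stack[d] is the dict at nesting depth d
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"(\[+)\s*([^\[\]]+?)\s*(\]+)", line)
        if header:
            depth = len(header.group(1))
            if depth != len(header.group(3)) or depth > len(stack):
                raise ValueError(f"malformed section header: {line!r}")
            del stack[depth:]  # close any deeper sections
            stack.append(stack[-1].setdefault(header.group(2), {}))
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"expected key = value: {line!r}")
        stack[-1][key.strip()] = value.strip()
    return root

def missing_webroots(conf_text, cert_names):
    """Return the certificate names that have no [[webroot_map]] entry."""
    params = parse_renewal_conf(conf_text).get("renewalparams", {})
    # Assumption: only the webroot authenticator needs a per-name mapping.
    if params.get("authenticator") != "webroot":
        return []
    mapped = params.get("webroot_map", {})
    return [name for name in cert_names if not mapped.get(name)]
```

Calling `missing_webroots(SAMPLE_CONF, ["example.com", "www.example.com"])` reports `www.example.com`, the name that still needs its own line before the renewal can validate it.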