Our infrastructure is managed by Ansible (including the nginx site configurations - they are generated using templates).
Now we generate Let's Encrypt certificates with the certbot command automatically every 3 months, but we have ~1 minute of downtime (we have to stop nginx to bind certbot standalone to 80).
How can Let's Encrypt + nginx integration for auto-renewal be made?
I have found some solutions like "How to setup Let’s Encrypt for Nginx on Ubuntu 18.04 (including IPv6, HTTP/2 and A+ SLL rating)", but they use python-certbot-nginx, which modifies site configs (and they will be replaced by Ansible on the next Ansible run, so HTTPS will be broken).