My nginx process occupy port 80 an 443, and I use http challenge.
When I want certbot renew, if I must stop nginx to release port 80 for certbot?
1 Like
Welcome to the Let's Encrypt Community 
You can keep nginx active on ports 80 and 443 and just use this to get a new certificate:
certbot --nginx
2 Likes
Thanks for your reply. My problems have always been complicated. 
I have tried this command(certbot --nginx) last night. I saw it edit my nginx.conf. But I do not want it to do that.
In addition, I have three domian, 1 parent domain, 2 subdomain, total 3 standalone certificate.
After I run this command, I saw 3 certificates expand to 1 certificate. I want to know how does it do that.
Finally, can I expand 3 certificates to 1 certificate by my self without edit nginx.conf automatic, and keep nginx active on ports 80? Is this complicated?
3 Likes
You can have certbot use nginx only for acquiring the certificate (for multiple (sub)domain names) then gracefully reload nginx after acquiring a new certificate by using:
certbot certonly --nginx -d "example.com,www.example.com,mail.example.com" --deploy-hook "nginx -s reload"
3 Likes
Excellent! I really appreciate your help. 
3 Likes
And if you really don't want certbot to mess with nginx (it temporarily modifies nginx for the challenge with --nginx), you could always use the webroot authenticator.
In any case, not any reason to have to stop your nginx to get a certificate.
4 Likes
Thanks, I understand it better. 
3 Likes