This is a recurrent problem, and as topics discussing this problem are closed here, I come to share a small script that can help.
It can still do with many improvements but it seems to work.
TODO: add a check to see if certs are less than 2 months old
Since you're targeting Certbot users, you should look into Fabric for future improvements.
Fabric is a Python library that lets you automate bash commands like this, and also do things like ssh'ing into the remote server to restart the web services. I use it a lot with multi-node systems.
(If Certbot runs on a system, Fabric can too.)
Sounds like it makes sense, but I know nothing of Python, I am a TypeScript dev.
I hate bash... but like the fact it's everywhere, and I wrote this script precisely to help me take over an old Ubuntu whose apt is broken... still bash is there
I think I should specify that a smart way of using this script is via its
letsencrypt-sync-renewal-hook-helper.bash companion script updating a central server behind any of the frontline boxes, the central server then updating all of the frontline machines.