Well, setup a cron job using the Let’s Encrypt certbot utility.

I created a file on my CentOS 7 box in /etc/cron.d/ containing:

16 3,15 * * * root /usr/bin/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

This will run a renewal check every day at 3AM and 3PM using the standalone method described in the certbot docs. This does mean nginx stops briefly twice a day, but that’s fine on my personal server!