Nginx not using updated certificate

The certificate from Let’s Encrypt for my blog had expired. I thought the script /root/renew-letsencrypt.sh was not working, so I tried running it manually.

$ /root/renew-letsencrypt.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal

$ openssl x509 -noout -dates -in /etc/letsencrypt/live/muyexi.im/cert.pem
notBefore=Jun 30 23:01:00 2017 GMT
notAfter=Sep 28 23:01:00 2017 GMT

So the new certificate had already been generated, but nginx didn’t pick it up.
I tried service nginx reload, and the new certificate started working.

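#!/bin/sh
# https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/

# Request or renew the certificate using the site's certbot config.
/root/certbot-auto --config /etc/letsencrypt/configs/muyexi.im.conf certonly

if [ $? -ne 0 ]
then
        # certbot failed: print the tail of its log (printf, since echo -e is not portable under /bin/sh).
        ERRORLOG=$(tail /var/log/letsencrypt/letsencrypt.log)
        printf "The Let's Encrypt cert has not been renewed!\n\n%s\n" "$ERRORLOG"
else
        # certbot exited successfully: signal nginx to reload.
        nginx -s reload
fi

exit 0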

So nginx -s reload doesn't work; use service nginx reload instead.
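
A way to catch this situation automatically, as an added example rather than code from the original post: compare the fingerprint of the certificate on disk with the one nginx actually presents, and reload only when they differ. The function names are hypothetical; the host and certificate path are the ones used above, and the check assumes the site answers on port 443.

```shell
#!/bin/sh
# Added example: detect an nginx that still serves the old certificate.
# Function names are hypothetical; host and path are taken from the post.

# SHA-256 fingerprint of a PEM certificate read from stdin (empty on error).
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Fingerprint of the leaf certificate the server presents for host $1.
served_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | fingerprint
}

# Returns 0 if both fingerprints match, 1 if they differ,
# 2 if either one is empty (file unreadable, server unreachable).
same_cert() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

# Compare disk and served certificate; reload nginx only when they differ.
check_and_reload() {
    host=$1
    cert=$2
    disk=$(fingerprint < "$cert")
    live=$(served_fingerprint "$host")
    rc=0
    same_cert "$disk" "$live" || rc=$?
    case $rc in
        0) echo "nginx is serving the certificate on disk" ;;
        1) echo "nginx is serving a stale certificate, reloading"
           service nginx reload ;;
        *) echo "could not read one of the certificates" >&2
           return 2 ;;
    esac
}

# Usage (for example from cron, after the renewal script):
# check_and_reload muyexi.im /etc/letsencrypt/live/muyexi.im/cert.pem
```

Run after the renewal script, this also covers the case where the reload step reported success but the running server kept the old certificate.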