$ sudo certbot --nginx certonly Let's Encrypt certificates only last for 90 days, so it's a good idea to renew your certificates automatically before they expire.