Why is this better than Certbot, which has more options and more support? Set up a daily cron to run the certbot-auto `--renew` flag and forget about it. Done.
The Debian package is even more convenient, it sets up the cronjob automatically (with a random delay to prevent everyone from hitting the servers at the same time). It's even quicker to set up.
Same here, I just set up LetsEncrypt for a second site last week and didn't know this. From a glance at the docs it looks like it's relatively new. Ubuntu 16.10 has the automatic cron setup but not Ubuntu 16.04 which is what I used.
That's strange. I swore last year I would never use a non-LTS version for a server. Unless I'm missing something, it seems to be more headaches than it is worth to roll with the XX.10 vs XX.04.
I'm not sure, it was there when I finally switched from the git repo to the packaged version some months ago. I'm using Debian stable (with the backports repo enabled)
It's not added without question. It's added by dint of the administrator taking the explicit action to install the package. This is actually the Debian practice that the systemd people tried to take account of in the design of their presets system. Installing a package on Debian not only installs the software, but it automatically configures and runs it, too. Hence the idea that systemd presets can be made to default to "enable" on Debian and default to "disable" elsewhere.
This is a Debian norm. It's one that various Debian developers have tried to change over the years. The convention of having separate "run" packages exists and a few people adhere to it. (bcron-run, socklock-run, qmail-run, dqcache-run, bincimap-run, ...) But that convention is not (yet) the Debian norm. This is even though people have been regularly pushing for it since the turn of the century.
Put that in your host configuration and the nginx will be configured to start up the nginx with SSL enabled. All other locations required for the acme request are automatically configured. Systemd timers are also added for automatic renewal.
IMHO it does not get any better than this.
A little off topic, but I somehow missed until recently that AWS cert manager will give you free, auto-renewing SSL certs for use with AWS. Just another free, convenient SSL option.
What about using Forge instead (http://forge.laravel.com)? I know it's not free but for 10$/month you can get Let's Encrypt cert in 20 seconds and tons of more features (server provisioning with really good security setup and all the tools you need).
https://certbot.eff.org/