Tend to mention random trivial tools I write here, but somehow forgot about this one - acme-cert-tool.
Implemented it a few months back when setting up TLS on, and wasn't satisfied by any existing things for ACME / Let's Encrypt cert management.
acme-cert-tool has all that in a single script with just one dep on a standard py crypto toolbox (cryptography.io), and does everything through a single command, e.g. something like:
% ./acme-cert-tool.py --debug -gk le-staging.acc.key cert-issue \
    -d /srv/www/.well-known/acme-challenge le-staging.cert.pem mydomain.com
...to get signed cert for mydomain.com, doing all the generation, registration and authorization stuff as necessary, and caching that stuff in "le-staging.acc.key" too, not doing any extra work there either.
Add && systemctl reload nginx to that, put into crontab or .timer and done.
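A slightly more careful take on the "&& systemctl reload nginx" step for unattended runs, as an added example that is not part of acme-cert-tool or the original post: it reloads nginx only when the cert file on disk actually changed, and leaves nginx alone if issuing fails. The function name renew_and_reload, the RELOAD_CMD variable and the renew.sh file name are made up for this example.

```sh
#!/bin/sh
# Added example: cron/.timer wrapper around the cert-issue command from the post.
# renew_and_reload and RELOAD_CMD are this example's own names, not tool options.

RELOAD_CMD=${RELOAD_CMD:-systemctl reload nginx}

# usage: renew_and_reload CERT_FILE ISSUE_COMMAND [ARGS...]
# returns 0 if the cert is in place (reloaded or unchanged), 1 if issuing failed
renew_and_reload() {
    cert=$1; shift
    prev=$(mktemp) || return 1
    # Snapshot the current cert (if any) to compare against after the run
    if [ -f "$cert" ]; then cat "$cert" > "$prev"; fi
    # Tight umask: the account key the command may create is private key material
    if ! ( umask 077; "$@" ); then
        rm -f "$prev"
        echo "cert issue failed, nginx left untouched" >&2
        return 1
    fi
    # A missing or empty cert after a "successful" run must not reach nginx
    if [ ! -s "$cert" ]; then
        rm -f "$prev"
        echo "no usable cert at $cert after issue" >&2
        return 1
    fi
    if cmp -s "$cert" "$prev"; then
        rm -f "$prev"
        return 0        # same bytes as before: nothing to reload
    fi
    rm -f "$prev"
    $RELOAD_CMD         # new cert on disk, make nginx pick it up
}

# Stand-alone use from crontab, run in the directory holding key and cert
# (renew.sh is an assumed name for this file):
#   renew.sh le-staging.cert.pem ./acme-cert-tool.py -gk le-staging.acc.key \
#       cert-issue -d /srv/www/.well-known/acme-challenge \
#       le-staging.cert.pem mydomain.com
if [ "$#" -gt 0 ]; then
    renew_and_reload "$@"
fi
```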
There are a bunch of other commands mostly to play with accounts and such, plus options for all kinds of cert and account settings, e.g. ... -e email@example.com -c rsa-2048 -c ec-384 to also have cert with rsa key generated for random outdated clients and add email for notifications (if not added already).