Remediation Steps

Follow the steps below to remediate this finding on Nginx webserver.

1. If using Let's Encrypt with Certbot, renewal is automatic via a cron job or systemd timer:

   sudo certbot renew --dry-run

2. If renewal is not automatic, run:

   sudo certbot renew

3. Reload Nginx after renewal:

   sudo systemctl reload nginx

4. For commercial certificates, replace the certificate files and reload Nginx.