We could use some improvements to the Let's Encrypt documentation, particularly with regards to automatic certificate renewal:
1. Document automatically creating a copy of the certificate, where the copy will be owned by a different user (e.g. for xrootd and gridftp). This will probably be done with a certbot post-hook.
2. Document automatically restarting service(s) after cert renewal. Again, post-hook.
3. Document (or link to documentation) for using [the Apache certbot plugin|(https://certbot.eff.org/docs/using.html#webroot] in case people run httpd and want to renew without taking down their webserver. Alternatively suggest one of the DNS plugins. This will require experimentation.