Hi @DSimon,
NGINX (from kobo-docker container) does not need to know where the certificates are located because all the internal requests are made with HTTP. (Inside docker network).
When a request is made to external endpoint (such as: https://kc.yourdomain.tld, https://kf.yourdomain.tld or https://ee.yourdomain.tld), it calls the reverse proxy (which redirects the traffic on HTTP behind the scene to the NGINX - kobo-docker- container.
So the certificate must installed on the reverse proxy.
You can have a look at this thread, an user pasted is config file for a reverse proxy with Apache.
As I said before, certbot container should renew the certificate for you. If it doesn’t, it means there is an issue. To narrow down the problem, can you confirm you have ports 80 and 443 opened on your server?
