I've been working through usage of Let's Encrypt for free SSL cert generation. I use primarily nginx servers on my projects and wanted a simple way to renew.

Here's an example command that you can refactor for your server cron.

$ /opt/letsencrypt/letsencrypt-auto certonly --webroot --agree-tos --keep-until-expiring --rsa-key-size 4096 -w /srv/www/domain.com/public -d domain.com -d www.domain.com -w /srv/www/subdomain.domain.com/public -d subdomain.domain.com

This allows for a cert that can handle the root domain name and additional sub domains on a single certificate.