Assuming the cert files are not kept open, you could store them in a protected vault with the password in them, place them (copy from vault) where nginx wants them, close vault, start nginx and overwrite/remove the files.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,262900,262912#msg-262912 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
