I'm looking into integrating my nginx containers with Let's Encrypt too. Maybe with a dedicated container for the LE client that accepts new domain requests and keeps certs up to date, and confd + etcd/consul/etc. to deploy certs and configs to nginx containers.
Yeah, I've been considering a CI container + data volume with a CD pipeline to do that; zero downtime if you factor in anything but your own load balancers is tough, though.