
Probably because sysadmins aren't willing to push updates to their Windows machines because they tend to change system settings nowadays.


You can use the --standalone option to get just the certificate files, so you can keep your nginx config files as-is however you configured them and just update the privkey.pem and fullchain.pem files wherever your nginx config points to look for them. And the --standalone option actually requires sudo but I guess that's because it puts the certs in /etc/letsencrypt~.

Caution though: the file paths you get after obtaining the certificates are actually relative symlinks for some reason, so if you just copy these symlinks over they will most likely not point to the correct path. Copy the original files instead.
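An added example, not part of the comment above and not certbot's own code: a POSIX shell function that copies the certificate files by following the relative symlinks, keeps the private key readable only by its owner, and replaces the destination atomically. The function names, the destination directory and the constructed demo tree are assumptions; the demo tree mirrors the relative `live/` to `archive/` links found under /etc/letsencrypt.

```shell
#!/bin/sh
# Added example: deploy certbot output to the directory a web server reads,
# dereferencing the relative symlinks instead of copying the links themselves.

# deploy_certs LIVE_DIR DEST_DIR   (hypothetical helper name and arguments)
# e.g. deploy_certs /etc/letsencrypt/live/example.com /etc/nginx/ssl
#      (/etc/nginx/ssl is an assumed destination, not taken from the thread)
deploy_certs() {
    live=$1
    dest=$2
    mkdir -p "$dest" || return 1
    for name in fullchain.pem privkey.pem; do
        src="$live/$name"
        # -e follows symlinks, so a dangling link is rejected here.
        [ -e "$src" ] || { echo "missing or dangling: $src" >&2; return 1; }
        tmp="$dest/.$name.tmp.$$"
        # umask 077 makes the temp file owner-only before key bytes land in it;
        # cp -L copies the link target's contents, not the link.
        ( umask 077 && cp -L "$src" "$tmp" ) || return 1
        # The chain is public; only the private key stays at mode 600.
        [ "$name" = privkey.pem ] || chmod 644 "$tmp"
        # rename within one directory is atomic: readers never see a partial file.
        mv -f "$tmp" "$dest/$name" || return 1
    done
}

# Constructed demo tree with the same relative-link shape as /etc/letsencrypt.
make_demo_tree() {
    root=$1
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    echo "constructed chain" > "$root/archive/example.com/fullchain1.pem"
    echo "constructed key" > "$root/archive/example.com/privkey1.pem"
    ln -s ../../archive/example.com/fullchain1.pem \
        "$root/live/example.com/fullchain.pem"
    ln -s ../../archive/example.com/privkey1.pem \
        "$root/live/example.com/privkey.pem"
}
```

Because the links are relative, a copy that preserves them (for example `cp -P` or `cp -a`) produces a link that resolves against the new directory and dangles.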


That's how it should work but even --standalone still inspects your web server config and will refuse to run if any part of that goes wrong. For example, if you have multiple Apache VirtualHosts in the same file[1] (e.g. a port 80 redirect to the HTTPS site in the same file) any attempt to renew a certificate will fail with an error.

1. https://github.com/certbot/certbot/issues/1042


--standalone won't inspect your web server configuration. Only the apache (and nginx, if you enabled it manually) plugin would do that.


At least for renewals, it does parse Apache config — I was unpleasantly surprised by that last week.


My best guess is that you have previously issued a certificate using the apache plugin on that system, and the renewal config file for that certificate is still there.

  $ echo "BreakThisConfig" > /etc/apache2/sites-enabled/000-default.conf
  $ ./certbot-auto --apache
  2016-05-16 21:33:31,252:ERROR:certbot.le_util:Error while running apache2ctl configtest.
  Action 'configtest' failed.
  The Apache error log may have more information.
  $ ./certbot-auto certonly --standalone -d example.com
  - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem.
  $ ./certbot-auto renew --force-renewal
  Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (success)


You don't need --standalone to get only certificate files, by the way. You can also use certonly with --webroot and it'll work just fine. The certonly is the key part.

One thing I hope they make a little clearer is how to delegate cipher suite selection to certbot. I saw some discussion about making options-ssl-nginx.conf use, say, one of Mozilla's server-side configurations (whichever one you've configured). That way you could include options-ssl-nginx.conf and it'd auto-update over time.


So you're saying that this debian package changes your nginx files by default? Does it warn you at least? And how does that not require sudo?

In any case, thanks for the --standalone hint.


So how does that differ from either static linking or dynamic linking and providing the .so files combined with an LD_PRELOAD startup script?


Never mind actually using soname...

https://en.wikipedia.org/wiki/Soname

Frankly this is not actually about libs, but about package manager dependencies.

DEBs and RPMs are overly rigid by design. Because of how they track packages, you can't have two versions of the same package name installed at the same time. If you want to have two versions of a lib installed, you have to rename one of them to avoid a name collision. Even though the files inside the packages would never overlap.


This has a trendier name and a website


Unless you're working with a legacy project, in which case you wouldn't be replacing the lib for such stuff anyway, I don't see any reason why you would want to use 2.7.x over 3.x unless you desperately need something like gevent.


gevent got 3.x support a while ago.


I thought it was common sense to treat the client as merely the data representation and nothing else. Sad to see that multi-million-dollar companies make rookie mistakes.


I guess in the eyes of a corporate, it's only a mistake if it harms the bottom line.

Sounds like this would though, if players can't enjoy a fair experience.


You might want to take a look at Craft[0] which is a simple clone of Minecraft implemented in C, that should get you the basic idea of a voxel engine since the codebase is quite minimal for the available features.

[0] https://github.com/fogleman/Craft


I'm quite surprised by how much smoother VSCode is than Atom despite being built upon the same platform. I just wish it had tabs and split tab groups; then I could give it a go for a full day and decide whether I like it or not.


This is madness.


Even though I'm not using CloudFlare myself, I always enjoy reading their blog posts, these guys are amazing hackers.


The difference being that distro packages are distributed in a safe manner (signing and verification) whereas a website could be hijacked and the script replaced or you could get MITM'd if you access it over HTTP.

