Is it possible / advisable to register and renew a Let's Encrypt
certificate through Nginx for https, and share that same certificate
on a websocket connection (wss://) on the same domain? The websocket
server is being ran off of node.js (Colyseus to be specific - which
has Express built in)
Possible but not advisable: the advisable approach is to use industry-standard web-server in front as the reverse proxy, and the number one among those is nginx at the time of this answer. However, haproxy can also act as one.
If not, is it worth setting Nginx as a reverse proxy in front of the websocket server and setting the certificates that way?
Yeah, that's a recommended approach. Because, once again, you don't usually run peculiar applications bound to the HTTP/HTTPS port directly: this forbids you from various types of important functionality. Seamless reload on the certificate renewal is one of them.
And finally, if it is a good idea to just use one certificate and share it with the websocket server, what's the best way to get Express to reload the files when certbot renews the certificate?
Basically you just run certbot renew (crond runs it for ya) and just tell the nginx to refresh it with nginx -s reload.
Can certbot inform the server it updated the certificates?
I'm unaware about this, but this mechanism is not really needed anyway - with LE certificates this should happen only once in 3 months, so ...
Or do the files need to be reloaded at all
Sure they do. How can they not be - they are loaded only once on the start of web-server.
