@nhadsall you don’t need the certs to be present in the container, you can mount the certificate path to the container itself. The certificates are present in /srv/nginx:
$ ls -la /srv/nginx/
total 24
drwxr-xr-x. 2 percona percona 115 Dec 1 2020 .
drwxr-x--x. 12 percona percona 272 Jan 26 14:29 ..
-rw-r--r--. 1 percona percona 6018 Dec 1 2020 ca-certs.pem
-rw-r--r--. 1 percona percona 137 Dec 1 2020 certificate.conf
-rw-r--r--. 1 percona percona 977 Dec 1 2020 certificate.crt
-rw-r--r--. 1 percona percona 1704 Dec 1 2020 certificate.key
-rw-r--r--. 1 percona percona 424 Dec 1 2020 dhparam.pem
So, for example you could use --volume certsvol:/srv/nginx.
At the time any of the certs change, you can either restart the container, or use a less approach such as:
$ docker exec -it pmm-server supervisorctl restart nginx
This then leaves you to provide your certificates however you wish to, including integrating certbot, or similar, outside of the container. In addition, with the certificates outside of the container, you can check validity without needing to connect, such as:
$ openssl x509 -in /path/mounted/to/srv/nginx/certificate.crt -noout -dates
Hopefully, some of that helps you simplify your setup.