Just to build on that, the files in /etc/letsencrypt/[domain]/live/ are themselves symlinks; the files themselves are not seemingly purged when you renew your certificates (though they might be after some amount of time, I haven’t dug that deeply into the code yet), but the aforementioned links are updated so that they always point to the most current certificates.
Mostly just an academic point, however, as you can either point application configurations directly at the symlinks in the live directory, or even symlink to the symlinks; either way it will work just fine for you, and you never have to be concerned with whether your domain is presently on cert1.pem, or cert401.pem.
One caveat, however: Your applications must begin with root-level permissions in order to access these certificates. If this is not possible for some reason (e.g. the application doesn’t support dropping privileges like Apache and others do), my suggestion is to copy to a directory your application can access, e.g. I do this for my Prosody (XMPP server) setup:
cp /etc/letsencrypt/live/[domain]/fullchain.pem /var/lib/prosody/le_cert/
cp /etc/letsencrypt/live/[domain]/privkey.pem /var/lib/prosody/le_cert/
Will be easily scriptable when I get to the point of automating the whole process (waiting until the beta’s over before I venture into that, hoping for some improvements to how the client operates in the meantime…).
Just make sure that you have strict controls on who can access the files (in my case, both the /var/lib/prosody and le_cert directories have strict 500 permissions (read and “execute”/traversal) and are owned by the prosody user).