Thanks for your helpful response. I assumed some sensitive processes can't be publicly exposed, however even a very basic flowchart of Certbot/LE file management seems non-existent.
For example, even understanding these would help:
- How and when does LE determine which
/archive/files to link from/live/symlinks? - If the
/archive/files and/or/live/files are deleted/corrupt then what happens? - What conditions prompt LE to delete any child folders?
- etc, etc.
I realize it might sound strange, but after years of using Certbot in my FOSS project SlickStack (automated LEMP server provisioning using bash scripts), my understanding of LE hasn't evolved much. Like many sysadmins, I prefer manual configuration and intricate organization of the server, but when it comes to LE it is still largely just "see what happens" or "wait for Certbot to return a message"...
It also makes me question the purpose of having commands like certbot delete or even the point of trying to clean up LE certs (which I've tried various ways) when that might just return a "rate limited" rejection message and leave your server cert-less for hours/days -- on the other hand, if you never delete any files it seems like Certbot intelligently scans /archive/ and symlinks the correct cert if it hasn't been revoked... but back to the topic at hand, the lack of info is frustrating.