Alternately, what’s in /var/log/letsencrypt/letsencrypt.log?
Is there anything in /etc/letsencrypt/cli.ini?
What does “sudo certbot certificates” output?
If there was an older certificate for only “www.another_my_domain222.com” (for some reason), and you created a new certificate for "another_my_domain222.com and www.another_my_domain222.com", it would reuse the existing /etc/letsencrypt/live/www.another_my_domain222.com/ directory by default. I think that’s most likely what happened.
If you want to force the resulting certificate to be in /etc/letsencrypt/live/another_my_domain222.com, you can also add the Certbot command-line option --cert-name another_my_domain222.com. This will prevent Certbot from reusing any pre-existing Certbot-managed certificate that covers all or a subset of the requested names.
$ website="my_website123.com"
$ sudo certbot certonly --standalone -d $website -d www.$website --email admin@$website
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.my_website123.com.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my_website123.com
http-01 challenge for www.my_website123.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.my_website123.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.my_website123.com/privkey.pem
Your cert will expire on 2018-10-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Why did it create one for “www” instead of the bare domain?
On all my own servers this exact command has always created a cert. without “www” - this is what I need. I even tried yesterday – without “www”.
It didn't—one for www instead of the bare domain already existed, so it used that one.
When run without --cert-name, Certbot will always use any existing certificate that covers all of the requested domains as the basis for a possible renewal. Here, it found an existing certificate that covered all of the requested domains and so it used that one as the basis for the renewal, including maintaining the cert name of the existing certificate.
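To check ahead of time which directory under /etc/letsencrypt/live/ a request will land in, the sketch below parses `certbot certificates` output and applies the reuse rule as the replies above describe it. It is an added example, not Certbot's code or anything posted in this thread; the sample output, the example.test names and the function names are constructed, and the rule (identical names first, then an existing certificate whose names are a subset of the request, otherwise a new lineage named after the first domain) is an approximation.

```python
import re

# Constructed sample of `certbot certificates` output (not from the thread).
SAMPLE = """\
Found the following certs:
  Certificate Name: www.example.test
    Domains: www.example.test example.test
    Expiry Date: 2018-10-18 09:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.example.test/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.example.test/privkey.pem
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2018-09-01 09:00:00+00:00 (VALID: 42 days)
"""

def parse_lineages(text):
    """Map each certificate name to the set of domains it covers."""
    lineages, name = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            name = m.group(1)
            lineages[name] = set()
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and name:
            lineages[name] = set(m.group(1).split())
    return lineages

def target_lineage(lineages, requested, cert_name=None):
    """Return (lineage name, reason) for a request of `-d` names, in order."""
    if cert_name is not None:
        return cert_name, "explicit"       # --cert-name pins the lineage
    wanted = set(requested)
    for name in sorted(lineages):          # same names: renewal of that cert
        if lineages[name] == wanted:
            return name, "identical"
    for name in sorted(lineages):          # older cert with fewer names
        if lineages[name] and lineages[name] < wanted:
            return name, "subset"
    return requested[0], "new"             # assumed: named after first -d

if __name__ == "__main__":
    certs = parse_lineages(SAMPLE)
    for req in (["example.test", "www.example.test"], ["other.test"]):
        name, why = target_lineage(certs, req)
        print(f"{' '.join(req)} -> /etc/letsencrypt/live/{name}/ ({why})")
```

Feed it real data with `sudo certbot certificates` piped into `parse_lineages`; a result other than the name you expect is the cue to pass --cert-name.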