Certbot will create the -nnnn suffix if you already have an existing certificate which contains xxxxx.com and:
- The existing certificate is not a duplicate of the new certificate you're requesting (so it's not a renewal), and
- The new certificate is not a strict superset of the existing certificate (so Certbot can't simply expand the existing certificate),
That's a bit of a mouthful, but it basically means that Certbot has to create a separate certificate in order not to reduce the existing certificate's coverage. To avoid overwriting up your existing certificate, it needs a different certificate name (hence the -0001).
If it is your intention to replace the existing certificate, then you may use --cert-name to achieve that:
certbot --cert-name xxxxx.com --nginx -d xxxxx.com -d xxxxx.com
and it will overwrite the existing certificate in-place.
Edit: ah, I think I badly misread the OP's question. Either way, I believe you will want to use --cert-name rather than specifying --cert-path and --key-path within /etc/letsencrypt/live.