Hi @thecarlo,
The intended way to renew your certificates is just certbot renew
(ideally twice a day from a cron job or systemd timer). If you specify the whole issuance command again, you do have a risk of getting the -0001
if you specify a list of domain names that's in any way different from the list of domain names covered by the existing certificate (whether by adding or removing names). Could you try running certbot certificates
to see whether the coverage of your new and old certificates differs in some way?