Currently, when certbot is run to create a new certificate, it uses the specified webroot and creates a folder under [webroot] called “/live/[domainforcert]” (where [domainforcert] is the domain specified for this certificate) and stores symlinks for cert.pem, privkey.pem, chain.pem and fullchain.pem. This works fine in my tests.
My question is: When running certbot 80 days later (for example) in an attempt to renew an existing certificate that is about to expire, will certbot use this same directory or does it create a new directory under [webroot]/live/ for the renewed copy of the certificate? Does it simply over write the files that the symlinks point to with new cert, privkey, etc. files?
Because I’m handling installation and renewal somewhat manually for my situation, I’m trying to determine if I can always access the current cert, privkey, etc. files in the same location on the server, even after renewal; for example: [webroot]/live/[certfordomain]/*.pem