Certificate location

When I created my certificate, it was put in /etc/letsencrypt/live/example.com. When I renewed it, the new one was put in /etc/letsencrypt/live/example.com-0001. Is that supposed to happen? What’s a good workflow to automate this process?

I use the standalone method and just create the cert without configuring the server, because Nginx, Postfix, and Dovecot already point to /etc/letsencrypt/live/example.com/cert.pem etc., so changing the directory name messes that up a bit.

I can script around it, but need to know how that’s intended to work first.

Thanks!

Hm, not here. They are symlinked to /etc/letsencrypt/archive/example.com and /etc/letsencrypt/archive/example.com-0001 respectively. Am I missing something?

Edit: Could it be because on the second run I added some more domains to the cert?

I got the same result and I also had just changed some of the subdomains so I think that your guess is correct. I wonder if this means that I can have different certs for different subdomains?

Yes, you can. Configure your web server with SNI and you can use any number of certificates on the same web server.

Did the client prompt you to treat the new issuance with more domains as a renewal? If so, it’s not the intended behavior that you would get a new example.com-0001 directory. That’s considered a separate “certificate lineage” and is only intended for when you want a separate, unrelated certificate (which could still have some of the same domains mentioned in it).
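A read-only check for the situation discussed in this thread, added here as an example and not posted by any participant: it groups the directories under live/ by base name, resolves each cert.pem symlink into archive/, and flags configuration text that names a lineage when a sibling lineage such as example.com-0001 also exists. The function names and the sample tree are constructed for illustration, and the `-NNNN` suffix pattern is an assumption taken from the directory name shown above.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumed suffix for an extra lineage, as in example.com-0001 from the thread.
SUFFIX = re.compile(r"-\d{4}$")

def find_lineages(live_dir):
    """Map base name -> [(lineage directory, resolved cert.pem target)]."""
    groups = defaultdict(list)
    for name in sorted(os.listdir(live_dir)):
        cert = os.path.join(live_dir, name, "cert.pem")
        if not os.path.lexists(cert):
            continue  # not a lineage directory
        base = SUFFIX.sub("", name)
        groups[base].append((name, os.path.realpath(cert)))
    return dict(groups)

def duplicated(groups):
    """Base names that have more than one lineage directory."""
    return sorted(b for b, items in groups.items() if len(items) > 1)

def ambiguous_references(config_text, groups):
    """Lineages named in config text while a sibling lineage also exists."""
    hits = []
    for base in duplicated(groups):
        for name, _target in groups[base]:
            # The trailing slash keeps example.com from matching example.com-0001.
            if f"/live/{name}/" in config_text:
                hits.append(name)
    return hits

def build_sample_tree(root):
    """Constructed layout: two lineages for example.com, one for other.test."""
    for name in ("example.com", "example.com-0001", "other.test"):
        arch = os.path.join(root, "archive", name)
        live = os.path.join(root, "live", name)
        os.makedirs(arch)
        os.makedirs(live)
        open(os.path.join(arch, "cert1.pem"), "w").close()
        os.symlink(os.path.join("..", "..", "archive", name, "cert1.pem"),
                   os.path.join(live, "cert.pem"))
    return os.path.join(root, "live")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        groups = find_lineages(build_sample_tree(tmp))
        conf = "ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;"
        print(duplicated(groups), ambiguous_references(conf, groups))
```

A hit means a service still names one lineage while another exists for the same base name, so a renewal may have landed in the directory the service is not reading.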