Thats a problem, because my script sends the certificate elsewhere and it expects to find the certificate in the first domain folder.
Is this behaviour expected? I mean, the certificate not always end up being saved on the first domain folder?
The --expand behavior could choose any existing cert that contains a subset of the domain names that you’re requesting, unless you specify a particular one using --cert-name.
I think the expanded cert is actually a new cert and then goes by the placement rules - which I think uses the first name alphabetically; which probably changed due to one of the newly added names being first in line.
I also understand the logic behind expand should expand not create another.
But if all things are automatically pointed to the new folder, what fails?
You mention a script that expects to find the new cert in the first folder…
But don’t give much detail on the purpose of the script.
Maybe there is something already built-in to cover your scripts needs.
I’ve created a few certificates before and it has always been used the first domain (even if its wasn’t the first alphabetically).
However, in this case domain3.com was indeed the first alphabetically. So maybe only the extend flag induces this behavior.
I generate the certificate for multiple servers in a central one. So after that I copy the elements from letsencrypt/live/mydomain.com to the others, and I was using the first domain as the folder.