I think extra files in /etc/letsencrypt/live
should be fine. I wouldn't recommend doing anything in /etc/letsencrypt/archive
, not sure how confused the client would get because of that.
As long as the symlinks are kept as-is, there shouldn't be any issues. I'm doing something similar in a custom renewal script for HAProxy, and it seems to work.
-0001
folders are usually created when you run letsencrypt with some domains you already have a certificate for, while adding additional subdomains. You can use --expand
to avoid this (that one will replace the existing files). Not sure if the symlink issue could be another reason for this.