actually on my production server (the original one) now there are some weird configurations… instead of one domain cert I see two and three files in /etc/letsencrypt/renewal
-rw-r–r--. 1 root 589 Jun 3 03:42 xx.com-0001.conf
-rw-r–r--. 1 root 570 Jun 6 10:13 xx.com-0002.conf
-rw-r–r--. 1 root 564 Apr 3 03:42 xx.com.conf
where xx.com is the domain I accidentally renewed an the cloned server…
There should only be one certificate…
certbot certificates shows:
Certificate Name: xx.com-0001
Domains: xx.com www.xx.com
Expiry Date: 2019-09-01 07:42:37+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/deepsouthblenders.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/deepsouthblenders.com-0001/privkey.pem
Certificate Name: xx.com-0002
Domains: xx.com
Expiry Date: 2019-09-04 14:13:07+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/xx.com-0002/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xx.com-0002/privkey.pem
Certificate Name: xx.com
Domains: x.com (and several other unrelated domain names here)
Expiry Date: 2019-07-02 07:42:52+00:00 (VALID: 25 days)
Certificate Path: /etc/letsencrypt/live/xx.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xx.com/privkey.pem
Things look very confusing for certbot 
Should I delete all three and try to create a new one? Or just delete the 2 invalid ones? what commands would I use? The first one is the right one.