Thanks for clarifying this. So in my case certbot certonly
would have created those suffixes when it found broken certificates.
I came across a similar thread and this one
What would be the behavior of certbot certonly
if the certificate links aren't broken ?