Thanks for clarifying this. So in my case certbot certonly would have created those suffixes when it found broken certificates.
I came across a similar thread and this one
What would be the behavior of certbot certonly if the certificate links aren't broken ?