How to prevent creation of '/etc/letsencrypt/live/domain.tld-0001' when removing domains from a `domain.tld` multidomain certificate?

I migrated the site to a new server in August and it must’ve happened then. When I copied over the /live/ directory I must not have properly preserved the symlinks. I think there’s a flag you use to do that when decompressing the directory, and I bet what happened is I didn’t use that flag. My best guess anyway.

Is the solution to create new symlinks to the files in archive? What’s the proper way to do that? Would it be:

ln -s /etc/letsencrypt/archive/ /etc/letsencrypt/live/

Then once that’s done, I can run cerbot renew (I’ll try a dry run first)?

Thanks for identifying the issue.

Hi @EdGeis,

The right way should be this:

Before doing any change, please, backup (as user root):

tar zcvf /root/backup_etc_letsencrypt_2018-Oct-06.tar.gz /etc/letsencrypt/

And then, recreate the symbolic links pointing to the last files inside archive/

cd /etc/letsencrypt/live/
ln -sf ../../archive/ cert.pem
ln -sf ../../archive/ chain.pem
ln -sf ../../archive/ fullchain.pem
ln -sf ../../archive/ privkey.pem

Good luck,


Got it…thank you. Will give this a try (I have a backup server I can test this on by modifying my .hosts file).

So next time it renews, does it add cert3.pem etc. to /etc/letscenrcrypt/archive/ Just wondering about the sequential numerals added to the file names there…

Yes, and it will also automatically update the symlinks to point to cert3.pem and the other files.

Got it, thanks. I just created the symlinks on a backup server and tried a renewal dry-run. Other than the DNS not pointing to the right IP because it’s a different server, everything else checked out OK. In the wee hours tonight I’ll do this on the production server and try a renewal, then report back. Should work…I guess the nuclear option would be to just vaporize /etc/letsencrypt/ and run certbot from the top again.

Success. It renewed this morning, zero downtime.

Learned a few more things about how Certbot works, so all in all I’m glad this happened. Thanks for the help.