thanks for that, i also did something similar for webroot authentication as it's only way to get multi-domain SAN ssl certificates via webroot https://community.centminmod.com/posts/20018/
not too familiar with duplicate flag, what situations would require a duplicate certificate ? if using several local balanaced web servers served over LE ssl https ?