Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d from-dawn.com --agree-tos -m blablabla@gmail.com --config-dir ~/hqyc/credentials -n
It produced this output:
My web server is (include version):Cherrypy
The operating system my web server runs on is (include version):Ubuntu
My hosting provider, if applicable, is:aws
I can login to a root shell on my machine (yes or no, or I don't know):yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):latest
After running this command the downloaded (symbolic link) files will be stored under my application's credentials/ directory. I wonder if this is a better idea than simply copying/moving from the same files from default directory without specifying --config-dir? Any security concerns for this?
Copying is fine, but moving isn't because it will cause certbot renew to break.
You could also use the --deploy-hook feature in Certbot to cause a script to be run every time a certificate is issued or renewed, which can then be used to copy the new certificate and associated files to some other location.
When Certbot detects that a certificate is due for renewal, --pre-hook and --post-hook hooks run before and after each attempt to renew it. If you want your hook to run only after a successful renewal, use --deploy-hook in a command like this.
This means that usually --pre-hook and --post-hook are used for things that are a special requirement or prerequisite for the renewal attempt itself (most often: changing a firewall rule to allow incoming connections, or temporarily shutting down the local web server to avoid port conflicts if using --standalone), while usually --deploy-hook is used for certificate installation/deployment purposes.