Hi,
This is in relation to certificate path that is being generated when we replace a cert with a new one.
I am running a script to replace all certs with older expired chain with new one .
The command that i am currently using for generating the cert is
/usr/local/bin/certbot certonly --webroot -w /apps/www/letsencrypt -d $domain --no-bootstrap --expand --preferred-chain "ISRG Root X1" --force-renewal
I am getting two location where the certs are being genarated , one being the exact domain name and the other with "-0001" appended into domain. so the "-0001" is creating problem as i need to update it in nginx configuration
The -0001 generally means that you issued a cert for a similar name but the cert did NOT include the exact same set of names as on the first one. So now you have two cert.
Check with: cerbot certificates
That could be as simple as one cert has example.com & www.example.com while the other only has www.example.com.
Got it , so earlier the certificates were generated for both www.theburgercoast.in theburgercoast.in,
but now since i have requested it for only one (www.theburgercoast.in) name so it has created a new set of certificates particular to "www.theburgercoast.in"
Also, if you wanted to force the --preferred-chain "ISRG Root X1" option on an existing certificate, you can do that by using it in combination with certbot renew. No need to use the whole certbot certonly blahblah command.