Nginx and Certbot with Docker

Guys, I have good news!

Firstly, I discovered the reason for the error regarding my main question (the one that gave rise to this post). In short, I was using variables in the directives referring to SSL, which ended up not working and the reason is explained here.

Secondly, I wanted to say that after reading the latest recommendations from @Osiris and @rg305 and doing a lot of testing and at the same time trying to better understand the complete flow, I:

  • Removed the --force-renewal option;
  • Removed the part that removes the live, archive and renewal folders;
  • Changed the certificate key type from RSA to ECDSA;
  • Also removed the step of generating temporary certificates (self-signed with openssl).

In addition to these changes, I changed MANY other things in the script to the point where I could say that my modified script and the original have no direct connection.

In fact, there may already be scripts that do what mine does and even much better; however, I was so intrigued by this whole story that after the last answer people gave me here on the forum I couldn't stop until I got to my goal. Honestly, it was relatively stressful but the ending is doubly rewarding! I'm very happy to have learned and understood new things and if my script can help the community in any way, I will be delighted.

In short, my intention with my final script is to help someone who may have some difficulty with the Let's Encrypt certificate request process or who wants to automate this at some level. I detailed some information in the "README.md" in the repository... I think you managed to understand my intentions when reading it.

I want to emphasize that despite this journey I am still a junior in the subject and the script and the flow of the certificate request itself can certainly be improved.


Repository link: GitHub - rhuanpk/ncd
