Thank you both very much for your valuable info!
I still need time to digest everything you said, let me ask a question from a different angle:
Suppose I haven't issued any commands yet, I will do it for the very first time, what would the command look like if I want the certificate has the potentials of easy and automatic renewal? Assuming I have a Ubuntu machine fully under my control.
The whole thing looks pretty complicated, I wonder if you have tutorial videos with full syntax explained?
That depends ... do you need a wildcard? Because then auto-renew requires some way to auto-update DNS. Either with a plug-in or a script as --manual-auth-hook
If you don't need a wildcard what kind of web server are you running?
I don't need a wildcard right now (I may in the future), I put the wildcard there just because I thought it is convenient to do 2 things in one shot. I am running Oracle Apex (Application Express), I don't know and I don't have access to the web server (I guess it is a weblogic), because Apex pre-configured everything.
Oh, because I changed directory and/or file permission? I had to download the files but some directory and files are only accessible by root, so I had to change the permission. Next time, I will make a copy, and change the permission on the copy only.
root@certbot:/home/ubuntu# ls -l /etc/letsencrypt/{live,renewal}
ls: cannot access '/etc/letsencrypt/live': No such file or directory
ls: cannot access '/etc/letsencrypt/renewal': No such file or directory
you are right, I used SecureFX to download the file, because I can't login as root, so I changed the permission, login as ubuntu, and download the file, I just changed it back.
root@certbot:/home/ubuntu/archive/welooop.com/archive/welooop.com# ll
total 28
drwxr-xr-x 2 root root 4096 Jan 22 13:57 ./
drwx---r-- 3 root root 4096 Jan 22 13:57 ../
-rw-r--r-- 1 root root 1854 Jan 22 13:57 cert1.pem
-rw-r--r-- 1 root root 3749 Jan 22 13:57 chain1.pem
-rw-r--r-- 1 root root 5603 Jan 22 13:57 fullchain1.pem
-rw------- 1 root root 1704 Jan 22 13:57 privkey1.pem