Now that the certs have changed and I’ve certified a half dozen domains, I should restate my question. Because I think we were talking about different things.
These were the previous certificates:
Will the certificates at these URLs ever change, or are they guaranteed to not be over-written?
[The same applies for the certificates at URLs that appear in the headers of the signed certificate on issuance (I think those are the DER format at another url)]
When LetsEncrypt started signing new keys, the keys were published at:
Using new URLs for new keys makes sense for a lot of reasons, and I think that is what is happening. I just want to be sure.