I encountered an issue when renewing a certificate that I originally applied for two months ago. When I used the following command to renew the certificate:
certbot certonly --manual -d www.example.com --manual-public-ip-logging-ok --preferred-challenges dns
I noticed that the path to the renewed certificate changed to: /etc/letsencrypt/live/www.example.com-0001/
The original path was: /etc/letsencrypt/live/www.example.com/
This implies that each time I renew the certificate, the directory name changes, which affects the path other programs use to retrieve the certificate.
Could anyone advise on how to renew the certificate in the original directory name?
That happens when you request a cert with slightly different options than the original. Such as having both the www and root domain in your first cert but just the www in the second.
Note that www.abc.com is a valid domain name but I am guessing it does not belong to you. Please do not use other people's domain names. Use example.com if you must but if you want specific help we need specific info like the answers to the other questions on the form you should have been shown (which is posted below). Please complete as much as you can.
========================
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
My apologies for the confusion—abc.com was just an example. In future posts, I will use example.com to avoid any confusion. The reason for not using the actual domain name is due to privacy concerns; I prefer not to disclose the company I am affiliated with. This also helps to prevent any potential malicious attacks on the website.
Hello Mike,
"I have another question. The folder now uses the same name, but the certificate file has become cert1.pem. Is this the default behavior? Can I continue using cert.pem because my program is designed to fetch cert.pem?"
The /live/ folder contains symlinks to the latest set of cert files in /archive/ folder. The /archive/ in current versions of certbot contain only a couple sets of cert files. In your version it keeps the full history.
You should reference the /live/ names to always get the latest cert
