Well, if you still have the /keys/ directory, you might be in luck!
In /keys/ you can find the private key, probably the most recent one is the correct one. On https://crt.sh you can find your certificate.
You’d need to check if those files are corresponding to each other:
- openssl rsa -noout -modulus -in 00xx_key-certbot.pem | openssl sha256
- openssl x509 -noout -modulus -in downloaded_certificate_from_crt.sh.pem | openssl sha256
These two hashes should be the same.
With those two, you can ‘rebuild’ your /archive/example.com and /live/example.com where example.com is the name of your site/hostname (certbot defaults to the first hostname in the certificate):
- The 00xx_key-certbot.pem from
/keys/would become/archive/example.com/privkey1.pem - The certificate you downloaded from crt.sh would become
/archive/example.com/cert1.pem
Furthermore, you’ll need to download the “Let’s Encrypt Authority X3 (IdenTrust cross-signed)” from the Let’s Encrypt certificates page and put it in the folder like this: /archive/example.com/chain1.pem
After that, you’ll need to concatenate cert1.pem and chain1.pem to fullchain1.pem like this:
cat cert1.pem chain1.pem > fullchain1.pem
And then you might try certbot update_symlinks again or symlink all the files yourself.