My server runs nginx in a chroot jail. I’ve successfully created the certificates using the certonly --manual options. The problem I’m facing is that the certificates are placed in the /etc/letsencrypt/live/domain/ directory (actually symlinked to /etc/letsencrypt/archive), which is outside of my chroot jail (located at /srv/http). So I cannot symlink to them.
Is there a way to save/place the certificates directly in a different folder whenever I make/renew them? If not, what would be a secure way to place them in the chroot jail? Simply copying them? The manual discourages this and would rather have me “point your (web) server configuration directly to those files (or createsymlinks)”. As explained this is not possible because of the jail.