OK, I did the ‘manual’ installation through sslforfree, and everything is working fine.
However, I now want to install certbot, to auto renew my cert ( just a single cert, for half a dozen domains).
Can I use certbot to renew my existing cert - or is it better to nuke the current cert entirely, (not used for production yet!) and then install certbot and have it make a new cert entirely??
Under the hood, renewal also means obtaining a new certificate (with the same domains as a previous certificate). This means that there is minimal benefit to "renewing" as opposed to "making a new cert". We don't currently have a way to import an existing cert when switching to Certbot, but there's no real harm in starting from scratch.
Certbot does a good job of creating certificates in such a way that it’s easy to keep track of them. There is currently no “import” feature however I think you are on to a winner
I will submit a feature request to “import” certificates which may make things slightly easier
Some of the other clients do a good job of pointing to a domain and they figure out all the related certificates.