Why does --csr produce cert file names with numeric prefixes?


#1

Curious why does --csr end up with certificate and chain file names with numeric prefixes i.e. 0001_chain.pem instead of the usual file names obtained by authentication methods like webroot ?

They seem to get rotated between subsequent authentication runs between 3 sets:

-rw-r--r-- 1 root root 2.6K Jan 17 09:07 0001_chain.pem
-rw-r--r-- 1 root root 1.1K Jan 17 09:07 0000_chain.pem
-rw-r--r-- 1 root root 1.5K Jan 17 09:07 0000_cert.pem
-rw-r--r-- 1 root root 2.6K Jan 17 09:07 0003_chain.pem
-rw-r--r-- 1 root root 1.1K Jan 17 09:07 0002_chain.pem
-rw-r--r-- 1 root root 1.5K Jan 17 09:07 0001_cert.pem
-rw-r--r-- 1 root root 2.6K Jan 17 09:25 0005_chain.pem
-rw-r--r-- 1 root root 1.1K Jan 17 09:25 0004_chain.pem
-rw-r--r-- 1 root root 1.5K Jan 17 09:25 0002_cert.pem

anyway of changing that file name to be more like symlinked webroot obtained cert/fullchain files ?


#2

seems multi domain SAN LE certs via webroot also create /etc/letsencrypt/live/domain.com-0001/cert.pem files unlike normal webroot ?

ls -lAh /etc/letsencrypt/live/le8.http2ssl.xyz*
/etc/letsencrypt/live/le8.http2ssl.xyz:
total 0
lrwxrwxrwx 1 root root 40 Oct 31 14:43 cert.pem -> ../../archive/le8.http2ssl.xyz/cert1.pem
lrwxrwxrwx 1 root root 41 Oct 31 14:43 chain.pem -> ../../archive/le8.http2ssl.xyz/chain1.pem
lrwxrwxrwx 1 root root 45 Oct 31 14:43 fullchain.pem -> ../../archive/le8.http2ssl.xyz/fullchain1.pem
lrwxrwxrwx 1 root root 43 Oct 31 14:43 privkey.pem -> ../../archive/le8.http2ssl.xyz/privkey1.pem

/etc/letsencrypt/live/le8.http2ssl.xyz-0001:
total 0
lrwxrwxrwx 1 root root 45 Jan 21 17:49 cert.pem -> ../../archive/le8.http2ssl.xyz-0001/cert1.pem
lrwxrwxrwx 1 root root 46 Jan 21 17:49 chain.pem -> ../../archive/le8.http2ssl.xyz-0001/chain1.pem
lrwxrwxrwx 1 root root 50 Jan 21 17:49 fullchain.pem -> ../../archive/le8.http2ssl.xyz-0001/fullchain1.pem
lrwxrwxrwx 1 root root 48 Jan 21 17:49 privkey.pem -> ../../archive/le8.http2ssl.xyz-0001/privkey1.pem
expirydate.sh  | grep -C1  le8  

/etc/letsencrypt/live/le8.http2ssl.xyz/cert.pem
certificate expires in 7 days on 29 Jan 2016

/etc/letsencrypt/live/le8.http2ssl.xyz-0001/cert.pem
certificate expires in 89 days on 20 Apr 2016