I am trying to set up certs for a host that has about 220 hostnames (with an without www, some subdomains, some stating subdomains etc) so that I have to split the list into 3 certs and use SNI. When putting the priority domains at the top of the list they end up in the first cert and the cert dir in /etc/letsencrypt is the name of the first domain in the list.
However for the other certificates, the name of the dir is determined by the position of the 101st domain in the list, which means that this will change if the list is modified, for example if there is a new subdomain inserted (this could be fixed add domains only at the end) or if a domain is deleted from the list (and everything after that goes up 1 line and the cert dir names change).
The best workaround for this would be if it were possible to set the dir name of the created cert to a fixed name (e.g. cert1, cert2, cert3), but I think that is not supported by the certbot options.
Recent versions of Cerbot support a --cert-name option just for this. For example:
$ sudo certbot certonly --webroot --cert-name example -w /var/www -d example.com -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example/fullchain.pem.
Your cert will expire on 2017-06-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"