Ensure certificate is generated with correct name

[jaywink]

Sometimes either due to existing conflicting old certificates or via removal of domains from the original certificate (for example dropping of www. version), Certbot generates the actual cert files under a postfix -001.

This makes usage of these certs tricky since the user will most likely be pointing the web server to the cert without the -001 postfix.

Grep the output of cert renewal/issuing and if the right format name is not generated, fail the role execution (though only after restarting services).