Job finishes succesfully on renewing certs but ssl are not used by https

[freshteapot]

Not sure how to help with this one.

I believe renew of certs used to work. I have recently added more domains and I am wondering if that has caused trouble...

The certs job seems happy, but looped over enough letsencrypt has ratelimited me.

[Wed Jan 17 18:39:44 UTC 2024] Installing cert to: /root/certs/tls.crt
[Wed Jan 17 18:39:44 UTC 2024] Installing CA to: /root/certs/ca.crt
[Wed Jan 17 18:39:44 UTC 2024] Installing key to: /root/certs/tls.key
[Wed Jan 17 18:39:44 UTC 2024] Installing full chain to: /root/certs/fullchain.crt

The job seems happy, and says nothing needs renewing, but the secrets are not updated and the endpoint says the cert is out of date.

Looking into the secrets, it appears that there is more than one certificate in "tls.crt", "ca.crt".

Also when I decode the conf secrets, there are things like "rootroot" and it almost looks like there should have been some new lines.

Here is an example

acme.sh/www.learnalist.net_ecc/fullchain.cerXXX 0ustar  rootroot-----BEGIN CERTIFICATE-----

Also at the top of the conf

acme.sh/www.learnalist.net_ecc/www.learnalist.net.csr.confXXX 0ustar  rootroot[ req_distinguished_name ]

I lack detailed knowledge but I have a feeling rootroot maybe should have been "newline", as I suspect

[ req_distinguished_name ]

should be on its own line like other conf blocks.