before upgrade from 1.5-rolling-202501270007 to 1.5-rolling-202501230006 (but also happened in earlier builds)
vyos@PROXIS-SVTELE:~$ sudo ls -als /config/auth/letsencrypt/live/fruity
total 12
4 drwxr-sr-x 2 root vyattacfg 4096 Jan 29 16:44 .
4 drwx--S--- 3 root vyattacfg 4096 Aug 7 13:31 ..
0 lrwxrwxrwx 1 root vyattacfg 49 Jan 29 16:42 cert.pem -> /config/auth/letsencrypt/archive/fruity/cert3.pem
0 lrwxrwxrwx 1 root vyattacfg 50 Jan 29 16:43 chain.pem -> /config/auth/letsencrypt/archive/fruity/chain3.pem
0 lrwxrwxrwx 1 root vyattacfg 54 Jan 29 16:44 fullchain.pem -> /config/auth/letsencrypt/archive/fruity/fullchain3.pem
0 lrwxrwxrwx 1 root vyattacfg 52 Jan 29 16:44 privkey.pem -> /config/auth/letsencrypt/archive/fruity/privkey3.pem
4 -rw-r--r-- 1 root vyattacfg 692 Jan 27 17:21 README
vyos@PROXIS-SVTELE:~$ sudo reboot
after update directory looks like
vyos@PROXIS-SVTELE:~$ sudo ls -als /config/auth/letsencrypt/live/fruity
total 28
4 drwxr-sr-x 2 root vyattacfg 4096 Jan 29 16:44 .
4 drwx--S--- 3 root vyattacfg 4096 Aug 7 13:31 ..
4 -rw-r--r-- 1 root vyattacfg 1773 Jan 30 09:25 cert.pem
4 -rw-r--r-- 1 root vyattacfg 1801 Jan 30 09:25 chain.pem
4 -rw-r--r-- 1 root vyattacfg 3574 Jan 30 09:25 fullchain.pem
4 -rw------- 1 root vyattacfg 1704 Jan 30 09:25 privkey.pem
4 -rw-r--r-- 1 root vyattacfg 692 Jan 30 09:25 README
vyos@PROXIS-SVTELE:~$
after update certbot renew
reported error like
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: Processing /config/auth/letsencrypt/renewal/fruity.conf
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: Renewal configuration file /config/auth/letsencrypt/renewal/fruity.conf is broken.
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: The error was: expected /config/auth/letsencrypt/live/fruity/cert.pem to be a symlink
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: Skipping.
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: No renewals were attempted.
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: No hooks were run.
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: Additionally, the following renewal configurations were invalid:
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: /config/auth/letsencrypt/renewal/fruity.conf (parsefail)
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: 0 renew failure(s), 1 parse failure(s)
Jan 30 09:41:20 PROXIS-SVTELE certbot[5006]: Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for >
Jan 30 09:41:21 PROXIS-SVTELE systemd[1]: certbot.service: Main process exited, code=exited, status=1/FAILURE