Where to store service certificates and their associated private key?
Reading this explanation on /var/lib and this answer was very helpful.
It appears that the right place to store certificates and private keys generated and renewed by my program is in /var/lib/<program-name>
with sub-directories certs
and private
.