Paying for certificates..? Manually copying cert files? Man, this reads like it was 2010 or something. Best of luck, but I don’t know why I wouldn’t just use acme.sh and systemd timers instead of this.
You're developing "certbot, but it's paid and sends private keys around the network instead of generating the csr locally"? Why? Who's the target audience? Platforms that can't run certbot, or any of the infinite amount of other acme clients, most likely won't be able to run your agent as well, so what's the value add vs just running a regular, well-defined (and free!) acme client and just moving the cert over manually?
<https://www.certkit.io/>