I'll be honest, I've had times where there's the "simple" solution, and "the solution I remember off the top of my head", and 10/10 the one that's happening is the one that I remember because I just did it last week.
I have no desire to google the arguments for self-signing a cert with openssl, and I cannot remember which webserver wants the CA bundle and the public cert in the same file. If I had done it even kinda recently I'd still remember what to poke in the certbot config.