It can be prevented if you’re obtaining the cert at the command line, using the --cert-name and --expand directives. I don’t believe there’s a way to do it through the GUI, though.
There shouldn’t be any certs in either place–/live/ should have only symlinks to actual cert files (which should be in /archive/), while /renewal/ should have only the renewal configuration files. But if those other certs aren’t showing in the GUI, and you aren’t otherwise using them elsewhere, there shouldn’t be any problem doing certbot delete --cert-name blah to delete them.