/var/www/html/letsencrypt is the path I pass to the client with --webroot-path /var/www/html/letsencrypt. The client then creates the challenge files in that folder automatically.
Crontab works for me, my script looks like this:
#!/bin/bash
cd /root/letsencrypt
letsencrypt-auto certonly -a webroot --webroot-path /var/www/html/letsencrypt \
-d example.com -d www.example.com
--server https://acme-v01.api.letsencrypt.org/directory \
--agree-tos --renew-by-default
service nginx reload