I have resolved the problem by simply installing an openSSL cert.
Now, I want to install a new letsencrypt cert.
And when running certbot, and choosing the domain I want a cert for (1,2)
I get the strange message:
Please enter password with the systemd-tty-ask-password-agent tool!
[I must say that there is a short passphrase, which I have to type in when for ex. restarting httpd, but I don't think it has sth do with it.
At least, it won't work when I type it in.]
That's weird. Certbot does not use passwords for the certificate/private keys. And also it isn't in the process of doing anything with an issued cert yet.
To me, it looks like you're using a password protected private key currently in your webserver setup, maybe when you fixed your webserver previously using th "OpenSSL cert". And you're probably using the nginx or apache authenticator plugin for the challenges, so nginx or Apache gets restarted.. And at that restart, it probably requires the password for the "OpenSSL cert".
I'm not sure ifpretty sure Certbot doesn't even support such a thing, entering a password during the process.
If the password is for the self signed "OpenSSL cert" which you generated purely for repairing your webserver, you might as well remove that password altogether. Password protecting a relatively useless self signed cert isn't very helpful IMO.
But indeed, Google is your friend here, I don't know how it works exactly, but I guess it has something to do with combining -in <yourprivatekey> -nodes -out <privatekeywithoutpassword> or something similar, using the correct OpenSSL module of course.