The documentation states that ceritificates are stored under /etc/letsencrypt, and that web servers should be configured to use these by symlinking.
In order for those symlinks to work, the http server’s configuration needs to be altered to disable chrooting, and have access to the entire
/ tree. This is generally pretty bad advice, and many less-knowing users will follow it, notice that disabling chroots is required, and do that as well.
The docs should really recommend some alternate method - the problem is, I haven’t seen if it’s possible to configure letsencrypt to use a different directory for live certificates.