That's a very untypical setting. The standard user should be root, so root access is required to read the private key. Using another user who owns the certificates is bad.
Don't install multiple certbots. That's always bad.
One installation per server.