I didn't issue any command with webroot. I just ran certbot renew -a nginx like you suggested.
There's a bug with nginx where the installer doesn't work on some installs, so I was forced to use the webroot method.
I'm willing to get rid of it, if you think it'll help. I did for the ackis.duckdns.org domain (which is why I had the configuration error, I had to manually edit the config file) and it didn't seem to make a difference.
They’ve just been errors with the automatic nginx install so far - I’ve just had to convert them over to the webroot method. It looks like it was a permissions error.
I thought I had tested that out because I put a file in /var/www/letsencrypt and tried to access it via curl, but couldn’t, but when you told me to put a file in /var/www/letsencrypt/.well-known/acme-challenge/, that’s when I clued in that it may have been permissions. I’m not sure how it could have been because nothing changed there - it was an empty folder with www-data owning it, but who knows. It’s working now at least so I’m able to renew the certs that need to be renewed.
Going to get them all renewed over the next few days here, and hopefully just have it left on so I can forget about it and have everything just work.
the webroot declaration will create the .well-known/acme-challenge directory if it does not exist, but that doesn’t mean you won’t have to do the same, you can’t put files inside a non-existing directory (the webroot declaration cleans up after itself)