I didn’t issue any command with webroot. I just ran
certbot renew -a nginx like you suggested.
There’s a bug with nginx where the installer doesn’t work on some installs, so I was forced to use the webroot method.
I’m willing to get rid of it, if you think it’ll help. I did for the ackis.duckdns.org domain (which is why I had the configuration error, I had to manually edit the config file) and it didn’t seem to make a difference.