--standalone method is mainly intended for people who are not running a web server on the computer where they obtain the certificate (for example, if they intend to use it for an e-mail server or some other kind of service). If there’s a tutorial out there suggesting using it for some other reason, it’s almost certainly giving bad advance.
Certbot remembers what authentication method you used when you obtained the certificate, and uses that method again if you run
certbot renew. So if you got your certificate with
--standalone, it will also be used for renewal.
You can change the authentication method by running
certbot certonly --force-renew --cert-name your-certificate-name (filling in the appropriate name in place of
your-certificate-name, as listed in the output of
certbot certificates), plus the authentication option(s) that you want to use, plus
-d flags for each domain name that the certificate should cover. For example, if you wanted to use
--apache instead, you could run
certbot certonly --force-renew --apache --cert-name your-certificate-name -d example.org -d www.example.org -w othersubdomain.example.org
--nginx are best for people who are running those servers, and
--webroot for people who are running a different web server, or who can’t get
--nginx to configure their servers appropriately. (Until recently,
--webroot was recommended for all Nginx users, but now we suggest trying