I tried using the subdomain that is actually connected to immich, I got this
sudo certbot -a webroot -i nginx -w /var/www/html -d immich.harryisback.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for immich.harryisback.org
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: immich.harryisback.org
Type: unauthorized
Detail: 155.4.61.251: Invalid response from https://immich.harryisback.org/.well-known/acme-challenge/x1tJZQzxwdDmr7j6ejOT1BE_ZEd_sM2iEGwfyeLRrSw: "<!doctype html>\n<html>\n <head>\n <!-- (used for SSR) -->\n <!-- metadata:tags -->\n\n <meta charset=\"utf-8\" />\n <meta n"
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
You do not need to use the "proxy" setting at Cloudflare. That sets up their CDN and your server as the Origin Server. Without this proxy you just use their DNS service.
It is possible to use Cloudflare "proxy" but your Origin Server would still be nginx - not your immich system. Then your local nginx server proxies to your local immich system. You could maybe use the Cloudflare Origin CA cert on your nginx system. This would avoid needing to use Certbot to get a cert for your nginx. But, evaluating all this is more complex and maybe best avoided given your difficulties so far.
Thank you all for the support, and thank you for being so patient with me, everything seems to be working, but I do wonder, what happens when my certificate runs out (according to your link it runs out in 90 days)?
Depending on how you installed, most likely a cronjob or systemd timer was installed. This cronjob or timer will run Certbot twice a day and ask it to renew any certificate due for renewal (which is when the cert expires within 30 days).
You claim to have installed Certbot 1.21.0 on Debian Bookworm, but when I look at Debian -- Details of package certbot in bookworm, Debian Bookworm should ship Certbot 2.1.0? So I'm curious about how you installed it. When installed using Debian's apt package, a cronjob should automatically have been installed (AFAIK it's a cronjob).
Yes, and then run the Certbot command again (but with a different -d ...). But please note that this is not the generic "nginx configuration Community". We've helped you so far that you can install a certificate, but the whole "fixing nginx" was to be honest not really our scope to begin with.
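An added example, not part of any post in this thread: in the webroot failure at the top, the CA received an application HTML page instead of the challenge file, which is what happens when nginx hands the challenge path to the proxied app. The sketch below serves that path from the `-w /var/www/html` webroot before anything is proxied; the upstream address and port are assumptions, not values from the thread.

```nginx
# Added example. The upstream 127.0.0.1:2283 is an assumed address for the
# local Immich service; replace it with the real one.
server {
    listen 80;
    server_name immich.harryisback.org;

    # ACME HTTP-01: serve challenge files directly from the Certbot webroot.
    # "^~" makes this prefix win over any regex location, so the request
    # never reaches the proxy block below.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;          # same path as certbot's -w option
        default_type text/plain;
        try_files $uri =404;         # missing token -> 404, not the app's HTML
    }

    # Everything else is proxied to the application.
    location / {
        proxy_pass http://127.0.0.1:2283;   # assumed upstream
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

If port 80 redirects to HTTPS, as the `https://` URL in the error suggests, the same `location ^~ /.well-known/acme-challenge/` block also has to be present in the port 443 server block. Check the file with `sudo nginx -t` before reloading nginx.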