Don’t know why this worked in your case, but I had to specify the path to cli.ini, means:
./letsencrypt-auto --config /etc/letsencrypt/cli.ini auth
Furthermore in my case (Linux Mint) apache webroot-path is /var/www/html
But with both steps corrected indeed everything worked perfectly without stopping apache and without need for manual interaction.
This indeed is the solution for me.
Thanks a lot!
I use the same as you do. I was not clear in my last post... I've used --config cli.ini because I was in /etc/letsencrypt/ 
Anyway, LE should look by default for the config file /etc/letsencrypt/cli.ini and load it if present.
By default, the following locations are searched:
/etc/letsencrypt/cli.ini
$XDG_CONFIG_HOME/letsencrypt/cli.ini (or ~/.config/letsencrypt/cli.ini if $XDG_CONFIG_HOME is not set).
well when I have port redirection of port 80 for another device already then I am using it, and I think the proxy thing isnt the best way, I think the server should just call on other ports so I can for example set up redirection of port 450 or whatever to my Raspi running the LE Client...
Thanks for the great post. This worked like a charm, however since regular unprivileged users can bind to ports > 1024, I recommend changing from 9999 to 999 in your example. Or maybe 777 since it’s not “taken”.
@multiwebinc i agree to you in that you’re saying privileged ports shall be used.
i would have added this information above but it doesn’t seem to be possible to edit my old post.
but using the same port makes it impossible to use LE without webroot without restarting the server.
that’s why a different port wouldnt be bad. scripting gets easier when you have many different webroots because you get a lot less arguments and complexity in the LE command.