Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
cloud.randomsource.club/nextcloud
I ran this command:
sudo certbot certonly --manual --preferred-challenges dns
It produced this output:
_acme-challenge.cloud.randomsource.club
_acme-challenge.randomsource.club
My web server is (include version):
nginx/1.18.0
The operating system my web server runs on is (include version):
debian - dietpi 8.5.1
My hosting provider, if applicable, is:
home - cox isp
no port 80 so i created my dns txt
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.28.0
That's not using the Certbot files. Did you install the certificate anywhere else? Did you install the cert to begin with?
The guide you've mentioned is quite brief and lacking details at important steps. Did you use the dietpi-letsencrypt script? I'm assuming you didn't, as you needed to run Certbot manually with the manual plugin.
Also, on another note (and not really related to your current issue, but might be worthwile): I see your DNS provider is Njalla. There is a third party DNS plugin for Njalla available (certbot-dns-njalla · PyPI). Depending on how you installed Certbot (or how your DietPi installed it), you might be able to automate the DNS challenge using that plugin.
So, I just put in the command sudo certbot certonly --manual --preferred-challenges dns, typed my domain again, and it is located at /etc/letsencrypt/renewal/randomsource.club.conf and /etc/letsencrypt/renewal/cloud.randomsource.club.conf
So you only issued the certificate without installing it?
DietPi probably would have handled that for you, but as you had to run Certbot manually, you need to also manually install the certificate into your nginx configuration.
Note that the .conf files are not the certificates, but just renewal configuration files. The files you want to use in nginx are fullchain.pem and privkey.pem in the /etc/letsencrypt/live/ directory.
And it looks like it is encrypted with command sudo certbot --nginx -d randomsource.club -d cloud.randomsource.club, because it deployed the certificate to /etc/nginx/conf.d/cloud.randomsource.club.conf for me.
Hm, so cloud.randomsource.club.conf indeed is completely switched to the nginx plugin. That won't work if your port 80 is blocked.
When the time comes to renew, you should run the initial command again, but with -a manual -i nginx. Or switch to the certbot-dns-njalla plugin and use -a dns-njalla -i nginx.