[rlaanemets]

Just let it get the cert (DNS or HTTP challenge) and then restart/reload the web server. Do not let LE rewrite your server configuration. This was very error-prone before and likely still is. People structure their Apache, Nginx, HAProxy, etc. configuration files in very different ways and it's nearly impossible for the certbot to work correctly in all cases. I'm not sure if this was also the case for the article author, the article contains too little technical information to tell it.

[jacquesm]

That's the one thing that actually worked once I managed to get a chrooted copy of the latest certbot running on a copy of the config. But that took quite a bit of fiddling to set up and it should never have come to that in the first place.