You may have issue of python3 vs python2.7. ERPNext still uses python2.7 certbot version while python3 for v12. You will need to install python3-certbot and then run the commands manually.
Instead I suggest use the DNS challenge method. It is easier and you dont need to update nginx.conf each time.
First install certbot manually for your OS as per instructions at certbott.eff.org. Summarized:
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt-get install certbot
Now run the certbot command. You can use wildcard * for all subdomains and including www or specify a specific subdomain:
sudo certbot -d *.domain.com --manual --preferred-challenges dns certonly
You will be asked to install a DNS of type TXT record for your domain. The host will be _acme_challenge.sub.domain.com with a value that is a long key… for example FXbTE0_wG7LxIVmhcD_5wIMDuwH0XGvirPTaR7Z6QFc
If your registrar permits - set the propogation time for 1 minute. After 1 minute continue to hit enter on your server and the certificates (.pem files) will be installed to the default location as I recall /etc/letsencrypt/live/sub.domain.com/. You can then ensure that the /frappe-bench/config/nginx.conf file points to the same certificates for your site…