To get wildcard supported certificates, we need to pass the challenge which requires adding TXT records in your dns records.
To get certificates for single domains, there is no need to modify dns records. Check this link https://micropyramid.com/blog/configure-ssl-with-letsencrypt-and-nginx/ for more info.
Your distribution may have old version of certbot, so we will try with latest certbot from github repository. This solution is based on https://github.com/certbot/certbot/issues/5719, thanks to talyguryn.
As the above suggests, in your dns records add TXT record, with
On successfull verifcation you should have certificates in /etc/letsencrypt/live directory.
Error: Failed authorization procedure.
In this case, check that your TXT records are updated, for that you can run:
Now that we have certificates in /etc/letsecrypt/live, add those certificates in nginx configuration: