The Playbook performs a lot of tasks to prepare the server and the Nextcloud but some steps are not automized yet.
Let's Encrypt - Manual Step
The certbot was installed by the Playbook run according your choice of installation:
To finally get the Let's Encrypt certificate you have to execute the following command on your Raspberry Pi manually:
sudo certbot --apache
To renew the certificate after 90 days you have to execute the command:
# Dry-run sudo certbot renew --dry-run sudo certbot renew
Please make sure the Raspberry Pi is allowed to connect via port 80 to the internet.
For further details please refer to Nextcloud und Let's Encrypt