The error message is from OpenSSL and is a "permission denied".
% openssl errstr 200100D
error:0200100D:system library:fopen:Permission denied
You have in your NaviServer configuration the certificate on a place which is the default of certbot. Since NaviServer is running per default with group nsadmin and user nsadmin it has no permissions to read the certificate from there. Check the certbot documentation on [1] and search for "permissions". You might wish to provide a deploy-hook-script to copy the certificate to a place where NaviServer can read it. The NaviServer plugin [2] places the certificates under "[ns_info home]/modules/nsssl" (openacs.org uses e.g. [3]). Don't forget to update the path specified by certificate in the NaviServer config file.
all the best
-g
[1] https://certbot.eff.org/docs/using.html#certbot-command-line-options
[2] https://bitbucket.org/naviserver/letsencrypt/
[3] /usr/local/ns/modules/nsssl/openacs.org.pem
