I see @ts678 has posted with detailed links, but just to clarify
sudo systemctl stop duplicati.service
First, if you are on 2.0.8.1 database encryption was not supported on Linux in that version so the database is not encrypted there. For later versions, running without a desktop means no secure storage, so unless you manually configure database encryption, it is not encrypted. Also, if you configure database encryption, you should have the key, so no need to do the decrypt step.
tl;dr: You can skip the start/stop dance and just stop Duplicati before copying the database.
If you (or someone reading this) want to do the decrypt step, you can use the service route as described by @ts678, which ensures everything is aligned. But, you can also try simply running it as root:
sudo duplicati-server --server-datafolder=/root/.config/Duplicati --disable-db-encryption
This will start it up, and you can press CTRL+C to stop it again.
You can again use the service route, or try as root:
sudo duplicati-server --server-datafolder=/root/.config/Duplicati --startup-delay=5min
Not for certain. Duplicati 2.0.8.1 was using Mono and 2.1+ is running on .NET Core, and they resolve the folders slightly different on some Linux distros (and MacOS). You can however, set the option --server-datafolder=/root/.config/Duplicati and then you know exactly where it is.
On some distros, running as root will cause it to be located in /var/lib/Duplicati.
You can read more here: The server database | Duplicati
No, that should not be required.