Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Yes, you can do that and certbot will ask whether you want to expand the cert and say yes to that.
But you must setup nginx properly for both names. Right now they respond differently to Let's Encrypt http challenge requests. In fact, your apex domain pywise.co.uk responds with an error http 502 Bad Gateway. You won't be able to get a cert for that using the http challenge with a 502 error.
Usually the www domain is just another name in the same server block as the apex. It can be a different server block it just usually is not. Example:
Thanks
I have rerun the command and selected E option
Your existing certificate has been successfully renewed, and the new certificate
has been installed.