Welcome to the Let's Encrypt Community, Sean 
To start debugging, try using this certbot command:
certbot/certbot \
certonly --webroot \
-w /data/letsencrypt \
-d "guardpost.co.za,www.guardpost.co.za" \
--agree-tos \
--register-unsafely-without-email \
--dry-run \
--debug-challenges \
-vvv
This will cause certbot to create the http-01 challenge files then pause for manual input before continuing with verification. You should be able to see where they're being created at that point. You can visit http://guardpost.co.za/.well-known/acme-challenge/test with a web browser on a device that uses the public internet (i.e. external to your network) then check your nginx access log files to see where the access occurs. Comparing these two pieces of information should give you a start in tracing down your operations. You can use https://www.redirect-checker.org to see what Let's Encrypt sees for any address externally from your network (i.e. from the internet).