How netlify interacts with your nginx server is defined in netlify. How you configure that is part of application design. There is no single right answer.
You do not have netlify using your nginx (www.)whatbank.ca server. Your nginx access log did not show your test curl to it. And, of course, we could not see certbot requests passing through.
A couple tips. One is Netlify has a forum which might help you.
Another is to modify your nginx access log format so you can better see what is happening. Adding the server_name is helpful when you share an access log with multiple server definitions. This format is what you have now just with the added $server_name. Check the nginx docs for more options.
(add this line)
log_format newformat '$remote_addr "($http_x_forwarded_for)" $remote_user '
'[$time_local] "$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $server_name';
(change existing line)
access_log /var/log/nginx/access.log newformat;