@jvanasco
Problem is mostly fixed. Thank you all.
I am still having problems with getting all the appropriate certs, but at least I can fix it now when I break it.
One of the remaining problems is I will need a couple of extra certs for differing virtual servers and certbot in its authentication scheme (challenges) complains about this as
sudo certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): www.waltr.net www.waltr.org waltr.net waltr.org ipv4.waltr.org ipv6.waltr.net
Requesting a certificate for www.waltr.net and 5 more domains
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: www.waltr.org
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for waltr.org - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.