GitLab cert renewal fails

I looked through those reports myself.
I have a theory - will certbot follow an 80->443 redirect? According to this reply, it will not:

If that's true, then it explains why certbot is returning the error (yet doesn't really solve my problem).
Edit: Double checking, I see that http-01 is in the error I pasted above.
I am using the webroot plugin (originally set up using the link here).

I'm wondering if I should instead be using the nginx plugin?
I tried specifying --preferred-challenges when running the renew but it will only let me use http-01.