Finally circling back to this now.
I tried creating the link before installing certbot, but that didn't make a difference. Note that the installation routine doesn't put anything into that dir anyway. I'm not trying to move the executables, just the config and status.
I didn't try acme.sh because I want to keep the setup as simple as possible and don't want to change horses at this time, but will keep it on the radar and do some testing at some point.
The lockf issue on NFS sounds like that is the real issue. I wonder if it would work over ISCSI instead of NFS? I think I'll give that a try and reply back here.
Thanks everyone for your helpful replies!