We need to find that cert with 6 domain names in it. That is your active cert and is not shown by Certbot.
Would you show output of this? I am pretty sure this works for Tomcat the same as "regular" Apache
sudo apache2ctl -t -D DUMP_VHOSTS
Also, the certbot-auto script was deprecated a very long time ago. And, those crontab options are a poor choice. It only runs once per week.
You get a cert nearly every day for one of your domains so something else must also be requesting certs.
I'm not sure I have enough time to work through all your problems. I think you should consult with an Apache Tomcat / Ubuntu server admin specialist. Your Ubuntu needs updating anyway as it is no longer a supported version.
I can help you find where these other certs are being created. But, I doubt I will have enough time to work through all of your problems one post at a time.
There are some paid consultants which might be better given the scope of your problems. See