I left off with the rfc2136 authenticator working, but as I had forced it manually to renew the wildcard cert via the DNS-01 challenge, I had to wait for a renewal to see if it worked through the cron job. It did not work.
See CNAME config and rfc2136 authenticator config
All was correct except that named needed a restart while the propagation was waiting.
Does anyone have a suggestion (or scripts) for how I could write a script to do this, or call the renew via the manual shell authentication method instead?
certbot certonly --manual --manual-auth-hook /authenticator.sh --manual-cleanup-hook /cleanup.sh -d "*.domainname.com" -d domainname.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
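
An added example, not part of the original post: one way an `/authenticator.sh` for the command above could publish the token with `nsupdate` and wait until the authoritative server returns it. The key path, server address, TTL and function names are assumptions. It writes the record directly at `_acme-challenge.<domain>`; with a CNAME delegation the CNAME target name would be used instead.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook for dns-01 via nsupdate (RFC 2136).
# Assumed values, not from the post: server address, TSIG key path, TTL.
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"   # hypothetical path
TTL="${TTL:-60}"

# "*.domainname.com" and "domainname.com" are validated at the same record
# name, so a leading "*." is stripped before the label is prepended.
challenge_name() {
    printf '_acme-challenge.%s.\n' "${1#\*.}"
}

# Emit the nsupdate batch. Only "update add" is used (no delete first), so
# the two tokens issued for -d "*.domain" and -d domain coexist as two TXT
# records instead of the second hook run overwriting the first.
build_update() {
    name=$(challenge_name "$1")
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update add %s %s IN TXT "%s"\n' "$name" "$TTL" "$2"
    printf 'send\n'
}

# Poll the authoritative server until the token is visible (about 60 s max).
wait_for_txt() {
    name=$(challenge_name "$1"); tries=0
    while [ "$tries" -lt 30 ]; do
        dig +short TXT "$name" "@$DNS_SERVER" | grep -qF "\"$2\"" && return 0
        tries=$((tries + 1)); sleep 2
    done
    return 1
}

# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION when it runs the hook;
# without them the script does nothing, so it can be sourced for testing.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    build_update "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" \
        | nsupdate -k "$TSIG_KEY" || exit 1
    wait_for_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" || exit 1
fi
```

A matching `/cleanup.sh` would send `update delete` for the same name and token, so stale TXT records do not accumulate between renewals.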