I double checked my ports again and I noticed that the port forwarding was only set up for my server via a wired connection, whereas my server is now connected by wifi in my new apartment due to the ISP hook up being in the bathroom for some reason.
So I updated the port forwarding for the router to point to the wifi and it appears to have worked. Or at least when I go to https://cloud.aslanfrench.work I get a SSL cert error instead of a refused connection, which matches what happened when I had the DNS pointing to the internal IP.
So now it works except for the broken SSL.
With that in mind I ran certbot again and geto the following response:
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for cloud.aslanfrench.work
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: cloud.aslanfrench.work
Type: connection
Detail: Fetching http://cloud.aslanfrench.work/.well-known/acme-challenge/ChvbUe1FL8m9brA2C7rwtJr3cziVTD3gjZqfaWP2sQ0: Connection refused
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.