--expand will force the client to overwrite the existing certificate, while --force-renewal will force the client to renew the certificate even though it’s not close to expiring yet. If you still see a certificate for wwww after that (don’t forget to restart nginx), we’re looking at a rather weird issue. I’d be curious about the log files from /var/log/letsencrypt if that’s the case.
I must have made the typing error the first time. At that time, my keys were stored in the comfortglobalhealth.com directory in the Lets Encrypt directory structure.
After regenerating the keys making sure I made no typos, I was pulling my hair out, since I was getting the same error. After following your instructions, I see that the new keys are stored in the www.comfortglobalhealth.com directory (instead of just comfortglobalhealth.com), and had to update my configuration files accordingly.