Using --standalone indicates that Certbot will be binding a small webserver to port 80 to respond to HTTP-01 challenges.
The HTML output you’re seeing in the urn:acme:error:unauthorized error from Let’s Encrypt seems to indicate there’s another webserver actually answering the HTTP-01 challenge verification requests, and serving page content instead of a challenge response.
My requests to office.spartagency.com are showing a Server: nginx header in the response. Did you previously have something in your Nginx config that would direct requests to /.well-known/acme-challenge/ to the Certbot standalone server? In general are you sure that nothing has changed in the way that HTTP requests to the failing domains are routed?
Have you considered using the Certbot nginx plugin instead? It would let you renew this certificate without having to take down the Nginx instance by having Certbot write the HTTP-01 challenge response into the Nginx webroot.
It’s difficult to diagnose your problem since I assume you’ve started the Nginx instance again. To be able to help we would likely need to see what is happening when Nginx is stopped and Certbot --standalone is running. Using Certbot’s native nginx plugin is likely a better path forward unless there’s a reason it can’t be used in your environment.
In the end it was the router configuration which forwarded port 80 to different virtual machine and what differed from other times is this time cert actually expired so it didnt use tls-sni for renewal, but http and it ended up on different server