It looks like you are probably using a PREROUTING rule to redirect port 8080 to 80.
In that case, your command should be something like (after stopping Tomcat):
/opt/eff.org/certbot/venv/bin/certbot certonly --dry-run --standalone \
--http-01-port 8080 -d vegsh.com -d www.vegsh.com -d custom.vegsh.com \
-d thevegcat.com -d www.thevegcat.com -d custom.thevegcat.com