I thought I had resolved all the issues after migration a few months ago. I was wrong However I cannot enable a new site for LE. Certbot is installed and working. Existing certs have so far renewed, the panel certificate renewed sept 25th. Inbound traffic works just fine (you can load the website from outside and inside). I have disabled the LE check. Opnsense isn't reporting anything as blocked, and i verified that outbound traffic from the server is going out nat'd using it's same inbound IP. I've missed something and I've checked the FAQ (https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/).
Well one more search took me this thread, and that was the fix. Deleted the old account folder and LE worked on a new site. https://forum.howtoforge.com/threads/problem-with-letsencrypt-after-migration.81228/