Call your Let’s Encrypt certificates for your ‘obfuscated’ domains and sub-domains from/ through your other WEB server(s) under IP’s 138.201.245.252 and 78.47.139.134 If you have Let’s encrypt installed in their respective web servers …
This post may help you, too (just note Wosign certs. are in the way to be banned by major browsers and creating new ones through them are no more an available alternative).