Both servers and the DNS has been setup weeks ago… so TTL would have timed out, also note, I am using external DNS servers completely under my control, so In my mind anyways, MIAB DNS should have nothing to do with anything other than the MIAB LE provisioning.
That gives me an idea though, there are websites like https://www.whatsmydns.net and https://dnsviz.net/ that I’ve used before to debug… I better have a look at them and see if there’s anything that stands out. thx.
I’m thinking that it’s some kind of misconfiguration or quirk of nginx. I think what must be happening is… http request comes to webserver, then the webserver, for unknown reasons, bounces the request over to the mail server,
BUT’
if an https request comes to the webserver, it redirects to the “base” website of the nginx server… the first server block of nginx… I don’t always get nginx pattern matching rules 
does anybody?