I think you are venturing into XY territory here.
http://xyproblem.info/
I think oodoo running on a different machine was part of your problem, but as you didn't say that originally, you have driven your wagon & horses up the wrong track.
Simply, the main server that fronts the internet needs a reverse proxy to the oodoo on a different host/machine.
The oodoo box does not need any proxy stuff on it. Just the main internet facing box.
You then need a host on the main box pointing to the oodoo IP, a template for letsencrypt to get your letsencrypt certs on the main box, and a hook script to copy them to the oodoo box. Or use the updated letsencrypt contrib in smetest, which will allow you to get certs on the main box for other hosts without requiring said override template.
Note that all of that is dependent on you having described things correctly......
In essence, scrap what you have done, and go back to the start.