Hi @Kaplan
tls-sni-01 - validation is deprecated, support ends 2019-02-13.
So use http - validation:
sudo certbot --apache -d surgicalcenterofsandiego.com --preferred-challenges http
Your configuration looks ok. Port 80 is open, there is a redirect http -> https, but Let's Encrypt ignores the expired certificate.
So the http status 404 / not found is good.
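
The check described in the post above (port 80 reachable, redirect to https followed without certificate validation, 404 for a missing challenge file), as an added example that is not part of the original post. The probe file name, the hop limit of 10 and the function names are assumptions made for this sketch.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

# Constructed probe name: a file that should NOT exist on the server.
PROBE = "/.well-known/acme-challenge/preflight-test"

def http_get(url):
    """One GET without following redirects; returns (status, Location header)."""
    u = urlsplit(url)
    if u.scheme == "https":
        # As the post notes, an expired certificate on the redirect target
        # is ignored during validation, so this diagnostic skips verification.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=10, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=10)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def preflight(domain, fetch=http_get, max_hops=10):
    """Start on port 80, walk the redirect chain, judge the final answer."""
    url, chain = "http://" + domain + PROBE, []
    for _ in range(max_hops):  # hop limit is an assumption of this sketch
        try:
            status, location = fetch(url)
        except OSError as exc:  # refused, timed out, DNS failure
            return False, chain + [(url, str(exc))], "unreachable"
        chain.append((url, status))
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)
            if urlsplit(url).scheme not in ("http", "https"):
                return False, chain, "redirect leaves http/https"
            continue
        if status == 404:
            return True, chain, "404 for a missing file: requests reach the web server"
        return False, chain, "unexpected status %d for a missing file" % status
    return False, chain, "too many redirects"
```

Calling `preflight("your-domain")` returns a verdict, the list of URLs visited with their status codes, and a short reason.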