Okay, I was finally able to get the cert in Nginx and Truenas Scale for cloudflare. I followed https://www.youtube.com/watch?v=TJ5fDiDRcbU for truenas.
Nginx gave me a couple of errors, but after I entered admin@website email, I was able to power through.
So Let’s encrypt should auto renew a wildcard on truenas every 10 days, and nginx should renew my main domain + office.sub domain every 90. All for free.
Excellent. Hope this helps other people too.