ACME challenge catch-all for any (sub)domain in Apache

After comparing some notes around the Internet I've come up with this "catch-all" for ACME challenges in Apache. So it is not tied to one vhost; any (sub)domain served by this Apache will catch it. Keeping the configs clean and simple.

Put the following in the conf-enabled directory (Debian based systems):

# ACME HTTP-01 catch-all: map the challenge path of every vhost to one directory
Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
# Scope the rules to the challenge directory itself; scoping them to /var/www/html/
# would 404 everything else served from that directory (the Debian default site).
<Directory "/var/www/html/.well-known/acme-challenge/">
    Options None
    AllowOverride None
    Require all granted
    # Challenge files are served as plain text, whatever their name
    ForceType text/plain
    # Refuse anything that is not exactly a token-shaped name: 43 base64url characters,
    # the length Let's Encrypt uses (other CAs may issue tokens of a different length)
    RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Directory>

Enable it with a2enconf and reload the Apache service. Make sure the directory /var/www/html/.well-known/acme-challenge/ exists and is owned by the Apache data user, e.g. www-data. It can be any directory, as long as you keep the Alias target, the Directory block and the certbot webroot path consistent.

Then run this command: certbot certonly --webroot --agree-tos --email youradmin@example.com --webroot-path /var/www/html/ --domain yoursite.example.com

3 Likes
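A pre-flight check for this setup, added here as example code that is not part of the original post: it writes a throwaway token-shaped file into the challenge directory, fetches it through each vhost name with an explicit Host header (as the CA's HTTP-01 validator would) and confirms that a non-token name under the same path gets the 404 the RedirectMatch promises. The challenge directory, the server address 127.0.0.1 and the hostnames example.com / www.example.com are assumptions to adjust.

```python
# Added pre-flight check for the Apache ACME catch-all (example code, not from the post).
# Requires a running Apache with the conf enabled; every path/host below is a placeholder.
import http.client
import os
import secrets

CHALLENGE_DIR = "/var/www/html/.well-known/acme-challenge"  # must match the Alias target

def make_token() -> str:
    """Token shaped like a Let's Encrypt HTTP-01 token: 32 random bytes, base64url, 43 chars."""
    return secrets.token_urlsafe(32)

def probe(server: str, host: str, path: str, port: int = 80, timeout: float = 5.0) -> dict:
    """GET `path` from `server` with `Host: host`; return status, content-type and body."""
    conn = http.client.HTTPConnection(server, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        return {"status": resp.status, "ctype": resp.getheader("Content-Type", ""), "body": body}
    finally:
        conn.close()

def check_vhost(server: str, host: str, token: str, expected_body: str, port: int = 80) -> list:
    """Return the problems found for one hostname; an empty list means it passes."""
    problems = []
    good = probe(server, host, f"/.well-known/acme-challenge/{token}", port)
    if good["status"] != 200:
        problems.append(f"{host}: token path returned {good['status']}, expected 200")
    else:
        if good["body"] != expected_body:
            problems.append(f"{host}: token body mismatch (webroot and Alias out of sync?)")
        if not good["ctype"].startswith("text/plain"):
            problems.append(f"{host}: content-type {good['ctype']!r}, expected text/plain")
    # The RedirectMatch must turn every non-token name under the path into a 404
    bad = probe(server, host, "/.well-known/acme-challenge/not-a-token", port)
    if bad["status"] != 404:
        problems.append(f"{host}: non-token path returned {bad['status']}, expected 404")
    return problems

if __name__ == "__main__":
    token = make_token()
    body = token + ".placeholder-thumbprint"  # real files hold <token>.<account-key-thumbprint>
    with open(os.path.join(CHALLENGE_DIR, token), "w") as f:
        f.write(body)
    try:
        for host in ("example.com", "www.example.com"):  # placeholder vhost names
            print(host, check_vhost("127.0.0.1", host, token, body) or "ok")
    finally:
        os.remove(os.path.join(CHALLENGE_DIR, token))
```

Run it on the server itself before the first certbot call; an empty problem list for every hostname means the webroot, the Alias and the 404 rule line up.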