A quick note on:
2019/12/13 12:00:34 Could not load a CSR: The list of provided domains does not
match the one on the CSR.
When you run LE64, and the list of domains is provided on the command line and also a CSR file already exists, one of the checks done is to make sure that you are issuing certificates for what you actually intend to issue them for. So the list of domains is extracted from CSR and compared against the list provided on the command line. If there is a mismatch, you will see an error as shown above. If you are sure that the list of domains on the command line is right, just delete your current CSR and re-generate it (either by yourself or by letting the client to do so with -generate-missing). If you believe it is the CSR list that is correct, you can just remove the domains list from the command line.