I just implemented this: "Acquire and install certs on reverse proxy server configuration" on my reverse proxy; that should do the work for you (this way you don't have to stop Apache for the challenge).
I would recommend passing the domains as arguments "-d domain.tld -d mysub.domain.tld" so that it can run without any user input (this can also be achieved with the "cli.ini" file).
Also you don’t have to link the certificates to each home folder since it’s one cert for all, just think about permissions.
I've created a file in "/etc/apache2/https/" named ssl.conf.
In that file I specify all my SSL settings and paths, then in each vhost I include "https/ssl.conf".
I'm looking at having a cron job run every ~60 days to renew the cert, check status (did the file change, error code 0? and so on…) and then restart Apache; if there is an error, it should email me so that I know it requires manual action.
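
The renew, check, restart and email flow described in the post above, written out as an added example (not the poster's script). It assumes certbot as the client, the standard `/etc/letsencrypt/live/` layout, `apachectl`, and a working local `mail` command; the `--run` switch and all variable names are this example's own.

```shell
#!/usr/bin/env bash
# Added example. Every path and command is an assumption; override via the environment.
CERT="${CERT:-/etc/letsencrypt/live/domain.tld/fullchain.pem}"  # assumed cert path
RENEW_CMD="${RENEW_CMD:-certbot renew --quiet}"                 # assumed ACME client
CONFIGTEST_CMD="${CONFIGTEST_CMD:-apachectl configtest}"
RELOAD_CMD="${RELOAD_CMD:-apachectl graceful}"
ALERT_TO="${ALERT_TO:-root}"
MIN_VALID_SECS="${MIN_VALID_SECS:-1209600}"  # alert when under 14 days remain

# Hash of the certificate file, or "missing" when it cannot be read.
cert_hash() {
    if [ -r "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo missing; fi
}

# True when the certificate in $1 is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -checkend "$2" -noout -in "$1" >/dev/null 2>&1
}

# Mail the reason to the admin (uses the local mail(1) command).
alert() {
    printf '%s\n' "$1" | mail -s "cert renewal needs manual action" "$ALERT_TO"
}

# Returns 0 when healthy; a non-zero code names the step that failed.
renew_and_reload() {
    local before after out
    before=$(cert_hash "$CERT")
    if ! out=$($RENEW_CMD 2>&1); then
        alert "renewal command failed: $out"; return 1
    fi
    after=$(cert_hash "$CERT")
    if [ "$after" = missing ]; then
        alert "certificate $CERT is missing after renewal"; return 2
    fi
    if [ "$before" != "$after" ]; then
        # New cert on disk: reload only if Apache accepts the configuration.
        if ! out=$($CONFIGTEST_CMD 2>&1); then
            alert "new cert installed but configtest failed: $out"; return 3
        fi
        $RELOAD_CMD >/dev/null 2>&1 || { alert "Apache reload failed"; return 4; }
    fi
    # Exit code 0 is not enough: confirm the cert on disk is not near expiry.
    if ! cert_valid_for "$CERT" "$MIN_VALID_SECS"; then
        alert "certificate $CERT expires within $MIN_VALID_SECS seconds"; return 5
    fi
}

# Cron calls the script with --run; sourcing it only defines the functions.
if [ "${1:-}" = "--run" ]; then renew_and_reload; fi
```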