I just replied to this in the other thread you commented on. Sorry, I didn’t realise you’d started a new thread.
To answer the first part, basically you can’t mix “certonly” with the “-apache” flag. The apache flag alters your Apache config, so it’s not “only” obtaining a cert. Certonly works with “standalone” or “webroot”.
To renew, just use the option “renew” and nothing else. That is, “letsencrypt renew”. Create a cron job or something and you’re done! The guide advises that you run the cron daily, but I’m running it weekly (I figure if the LE system is down, I still have two or three attempts before expiry).
There’s also a new flag introduced in v0.5 which allows you to run the command silently, so you won’t get an email if nothing goes wrong. (Sorry, I can’t remember it off the top of my head.)
Oh, and don’t forget to add “apache reload” or “postfix reload” to your cron job 