Best practice for adding sub-domain certificates?

So how does it eventually become?

./letsencrypt-auto certonly -a standalone -d example.com -d www.example.com -d sub1.example.com -d sub2.example.com --keep --renew-by-default

OR

./letsencrypt-auto certonly -a standalone -d sub2.example.com --keep --renew-by-default

?