Cannot Create Certificate for 1 Domain

Hi @dansperfect,

In this case, Certbot is not creating a file in /.well-known/acme-challenge; it's using an older alternative method called TLS-SNI-01 (which involves creating a temporary self-signed certificate instead). TLS-SNI-01 is no longer available for new certificates, but it's still available for renewals. What's failing here is the TLS-SNI-01 validation method.

The availability of this method for renewals is meant to be a convenience to existing users so they don't have to change their validation methods, but it looks like for some reason it's not working for you, and so it's ended up acting as more of a nuisance for you.

The situation is described further in

If you want to change this particular certificate to behave like the other ones (proving control by creating a file in /.well-known/acme-challenge), you can either reissue the certificate with -a webroot -i apache, or you can be sure that you've upgraded to Certbot 0.21 or later and then reissue the certificate with --apache --preferred-challenges http. In both cases, the creating-a-file method, called HTTP-01, will be used (although there are differences between my two suggestions in terms of exactly how and where the file gets created).