Not sure this is entirely a Let'sEncrypt question.
I have hosted domain lets call it domain.com that uses a tool called AutoSSL to issue/renew certs for a number of first level domains via a wildcard (*.domain.com covers mail.domain.com, etc.) and several second level domains (www.mail.domain.com). All certs renew automatically except as described below.
I also have a subdomain with a CNAME record pointing to an A record provided through another DNS provide. I control the server the A record points to and have certbot running for that certificate (external.domain.com) which renews automatically.
I have a third subdomain hosted as aws.domain.com via route 53 where I have NS records where my domain is hosted that offloads name resolution for this subdomain to the route53 name servers at amazon. I have not created a certificate for this yet.
I think I want to have aws issue a new cert for the aws.domain.com subdomain that sits on their name servers vs copying the wildcard certificate so that I can have it auto renew.
My question is will this break anything because the wildcard domain also covers the subdomain as users navigate between the two. I'm guessing not since each will get it's own handshake and validation but thought I'd check since the different NS scenario is new to me.