I created a cert using --webroot for multiple domains. Some of the domains share the same directory, e.g. acme.com and www.acme.com. This worked fine. Last night I had my first automated renewal. This also worked fine, except I got a bunch of messages about “Unable to clean up challenge directory”. Checking the filesystem I found .well-known directories in all the webroots. They were all empty, so the acme-challenge subdirectories and the randomly-named challenge files were successfully removed, just not the upper-level directory.
Manually removing the .well-known dirs was easy enough, but certbot should really be doing that itself.