I changed the certificates to be one per host and I removed the round robin DNS load balancing. It was a shitty solution.
On the first host:
certbot certonly --agree-tos -m postmaster@example.com --cert-name mail-0.example.com -d smtp-0.example.com,imap-0.example.com
On the second host:
certbot certonly --agree-tos -m postmaster@example.com --cert-name mail-1.example.com -d smtp-1.example.com,imap-1.example.com
Thanks to everybody for giving me this hint!