Let''s Encrypt is phasing out the TLS-SNI validation method, used by older versions of Certbot's Apache plugin, for security reasons.
See these threads for more:
You can run a slightly different Certbot command, or upgrade to Certbot 0.21.0 or newer. Since the PPA is still packaging an older version, you may have to install Certbot a different way, like by using certbot-auto.