They can’t. You have to list them all on one certificate:
sudo certbot certonly --apache -d domain.com,www.domain.com,sub1.domain.com,sub2.domain.com,domain2.com,www.domain2.com,[...]
Let’s Encrypt allows you to list up to 100 names on one certitificate. If you really need a wildcard, you can do that as of yesterday, but you have to use DNS authentication instead of
--apache so it is best to avoid it if you can.
Otherwise if you really want individual certificates you have to have individual
<VirtualHost> entries to configure them in.