As I understand, --expand let me add new domains to the existing certificates and --allow-subset-of-names let the command succeed and the certificate to be modified even if some of the exiting domains in the certificate are not acceessible through HTTP.
--allow-subset-of-names When performing domain validation, do not consider it a failure if authorizations can not be obtained for a strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to succeed even if some domains no longer point at this system.
I think you are misinterpreting the use.
If any domains are no longer accessible via HTTP, they will fail HTTP authentication.
When they fail HTTP authentication AND --allow-subset-of-names is being used, such names will be REMOVED from the resulting certificate - allowing the certificate to complete (without failed names).
[perhaps better understanding the word "subset" would be useful]
The only case where the names that would fail could still be included is if the renewal is within 30 days of a previous authentication for such names and it they would be cached by LE and not even tested.