How to prevent creation of '/etc/letsencrypt/live/domain.tld-0001' when removing domains from a `domain.tld` multidomain certificate?

I totally agree.
The approach I described above worked out as long as no subdomains were removed.
As soon as the old subdomain was gone from the nameservers, the approach of keeping the old subdomain names stopped working.

So I had to modify my scripting to delete any previous certs/config/etc. of that domain.
When I just wanted to update my previous answer here, I realized that you had found exactly the same “solution”. :slightly_smiling: