Just for the records, there is also an option
--allow-subset-of-names that you could use to renew a cert but excluding domains that don’t validate anymore.
When performing domain validation, do not consider it a failure if authorizations can not be obtained for a
strict subset of the requested domains. This may be useful for allowing renewals for multiple domains to
succeed even if some domains no longer point at this system. This option cannot be used with --csr.
letsencrypt-auto renew --cert-name domain.de --allow-subset-of-names
Said that, my advise is to not use it Use the example @mnordhoff posted above because you will have control about what is going on and using
--allow-subset-of-names could have unexpected results.