To get to the point where I can even write these lines, I've gotten a fair few nudges that I might as well include the actual domain name(s) concerned, and maybe that really is true, but I'm fairly certain my issue is generic, and so, for now, I'll resist the full disclosure. I apologise in advance if I'm just being stupid and wasting all of our time in so doing.
Once upon a time, I registered example.com, and then, a bit later, example.org and example.net for good measure. But I wanted to use https, and I wasn't aware of Server Name Indication, so when I first set up Let's Encrypt, in 2018, I only did it for the .com domain.
I then some time later realised that SNI existed and that setting it up wasn't quite beyond an idiot like myself, so I tried that, and, it worked! But ... only somewhat.
My current situation is: I've got a .com domain that autorenews its certificate, and I've been able to pull down certificates for the .net and the .org in the past, but I can't get the autorenewal to work for them. I also notice I've got two different entries under /etc/letsencrypt/accounts:
There's a config file under /etc/letsencrypt for my example.com, and empty ones for the .net and the .org one. In trying to handcraft a config file to replace the empty ones, and then running: certbot -q renew, I've gotten various failures; the closest I've gotten to feeling like I was maybe doing something right was this error message: You've asked to renew/replace a seemingly valid certificate with a test certificate (domains: example.org). We will not do that unless you use the --break-my-certs flag!. Skipping.
My version of certbot is 0.40.0.
I am fairly sure I lifted over part of an old (but functional, and still to this day operational) letsencrypt configuration from an earlier installation, because in the (divergent) subdirectories of /etc/letsencrypt/account, I see different account strings, and the same (different numbers) for the /acme/acct/ in the URL listed in the different regr.json files.
If you have read this far, you already have my appreciation. What I'm hoping to do is get the .net and the .org domains to also auto-renew, without ruining anything about my wonderfully auto-renewing .com domain. What would be a good place to start?