TLS-SNI-01 challenge type that the apache plugin uses won’t work reliably in a multi-server environment, because you can’t predict which of the servers will handle the validation request. A better solution would be using the
HTTP-01 challenge type with a central validation server (using HTTP 301 redirects), or
DNS-01, which would require using an alternative client such as lego or one of the bash clients.
Here’s a short description of the central validation server approach I mentioned, from the Integration Guide.
All of these approaches have one thing in common: distributing the server key and certificate to your servers as well as configuring your web server to use them is something you’ll have to take care of (as opposed to the apache plugin doing it for you).