We list both domain names (two -d clauses) and specify the exact cert to update with --cert-name. Certbot will probably ask if you want to expand the cert and confirm that.
If you want the exact command to use please show either this cert's renewal file from the /etc/letsencrypt/renewal or just show us the command you used.
UPDATE:
And once you have everything using the new cert you should delete the older ones
sudo certbot delete --cert-name X
Where X is the name from "Certificate Names" from certbot certificates
Ah, got it, I did read about expanding a certificate - I'm going to actually know what I'm doing here if I'm not careful... This was the certbot command I used just for completeness:
So here's what I 'think' would be correct @MikeMcQ - grateful if you get a mo to check - guessing the single quotes I used (copy/pasted from a guide) are not really required btw?
The single quotes may be required depending on your shell. I'm usually in zsh, and you would need a quote to prevent the shell from trying to expand the wildcard.
This way should work under all shells: sudo certbot certonly --manual --preferred-challenges=dns --cert-name orchardmusic.com-0001 -d orchardmusic.com -d '*.orchardmusic.com'
[you only need to quote the wildcard]
many thanks Rudy.