It has an "Alternative name": social.aqeeliz.com
This was another subdomain, that I recently disabled. I don't know why it's an alternate name, it was a long time ago when I got their certificate, so don't remember what I did then.
Now, when renewing cloud.aqeeliz.com, it says:
Renewing an existing certificate cloud.aqeeliz.com and 2 more certificates
Then it gives the error that it can't find DNS for social.aqeeliz.com (because I disabled it), and fails the renew.
I assume I can easily fix this by re-adding the social.aqeeliz.com DNS entry at my domain level, but I am wondering, if there is any way to unlink this (and the other entry, apps.aqeeliz.com - which is still active and also has a separate certificate) from alternate name of cloud.aqeeliz.com?
Another option would have been --allow-subset-of-names, but you'd need to absolutely sure the unwanted hostname is the only hostname not validating. Luckily, the other hostnames already have been validated in a previous, failed renewal attempt and those successful validations should be cached for (currently) 30 days at the Let's Encrypt servers.