if you use nginx you can also setup a default server to handle LE SAN SSL multi-domains outlined at Using the webroot domain verification method - #7 by Leliana. I did this for testing at https://community.centminmod.com/posts/20018/ as well. So you could do it this way for mail server and none http/https facing server subdomains etc