The server could not connect to the client to verify the domain

Lastly, before I go, if the certbot is under your organization's control, I suggest / recommend the enhancements I had proposed in my first email.

1. When auto or certonly run, decouple the terms virtual servers from sub-domains in all the msgs. There can be #of SubDomains X #of ports listened to VirtualServers.

  1. You issue certificates for sub-domains (or soon *.domains). The user already has some ports they listen to (do not assume 80, or 443). So in your certification/verification process just use the ports that are already in the listen directives of apache2.conf.

2B. A better algorithm would be:
When you list the subdomains as you currently do, for the user to manually select the desired one, instead list the virtual servers available, INCLUDING THE :port.

So when a user selects my.domain.com:nnnn, you verify using port nnnn, and issue certificate for my.domain.com.

When you implement this in your certbot, a lot more clients would run automatically, and a ton of questions to support will go away!!

Thank you again for all your support!
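
Added illustration, not part of the original post and not certbot code: a sketch of the name:port listing the post proposes, built from Apache's `VirtualHost`, `ServerName`/`ServerAlias` and `Listen` directives. The configuration text is constructed, the function names are hypothetical, and the parser assumes a single file with no `Include` handling.

```python
import re

SAMPLE_CONF = """\
# Constructed sample configuration, not taken from the post.
Listen 80
Listen 8443
<VirtualHost *:80>
    ServerName my.domain.com
    ServerAlias www.domain.com
</VirtualHost>
<VirtualHost *:8443>
    ServerName my.domain.com
</VirtualHost>
<VirtualHost 192.0.2.10:8080 [2001:db8::1]:8080>
    ServerName app.domain.com
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
DIRECTIVE = re.compile(r"(Listen|ServerName|ServerAlias)\s+(.+)", re.I)

def _port(addr):  # port of "*:80", "80" or "[2001:db8::1]:8080"; "*" if none
    tail = addr.rpartition(":")[2]
    return tail if tail.isdigit() else "*"

def parse(conf):
    """Return (listen_ports, {(name, port), ...}) from Apache config text."""
    listen, pairs, ports = set(), set(), None
    for line in map(str.strip, conf.splitlines()):
        if m := VHOST_OPEN.match(line):
            ports = {_port(a) for a in m.group(1).split()}
        elif line.lower().startswith("</virtualhost"):
            ports = None
        elif m := DIRECTIVE.match(line):
            key, args = m.group(1).lower(), m.group(2).split()
            if key == "listen":
                listen.add(_port(args[0]))
            elif ports is not None:  # names outside a vhost block are ignored
                pairs.update((n.lower(), p) for n in args for p in ports)
    return listen, pairs

def menu(conf):
    """Selection list in the form the post proposes: one name:port per pair."""
    return sorted(f"{h}:{p}" for h, p in parse(conf)[1])

def unlistened(conf):
    """Virtual-host ports that no Listen directive in this text opens."""
    listen, pairs = parse(conf)
    return sorted({p for _, p in pairs if p != "*"} - listen)
```

On the sample, `menu(SAMPLE_CONF)` yields four entries for three names, and `unlistened(SAMPLE_CONF)` reports port 8080, which a virtual host names but no `Listen` line opens.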