Actually I got SSL working for skynfüd.com (skynfüd.com) and pointed skynfud.com at it from Lightsails Hosted Domains... only this second domain wasn't secure yet, so I stupidly followed the tutorial again and broke it. (I now know from a better article I should've just used -d to add a list of domains instead of trying to make a certificate for each).
I used Certbot and followed the Amazon tutorial exactly (but twice).
My question is, can I just delete my Wordpress/Lightsail instance (it's blank anyway) and start a new one, ask for the certificate again but this time just add -d for each domain to add get the SAN/Multi-domain certificate I really need?
Or will this cause my domains to be blacklisted due to asking for another SSL certificate? I keep thinking that if I ask for another certificate whilst one exists and it includes another domain that already has a certificate then the whole thing's going nowhere...?
In short, yes, but you should of course take this as a learning experience and be mindful of the rate limits (in particular the duplicate certificate rate limit).
Nope, you just might be hindered by the rate limit (unless you do something grotesquely excessive).
That's often referred-to as "certificate expansion" and is quite common.
For your reference, you can find all of your Let's Encrypt certificates (and many from other CAs) by searching with https://crt.sh. Be sure to use the "deduplicate" advanced option to prevent your Let's Encrypt precertificates from cluttering up the output and causing confusion.
Can I check before I mess this up again... I just add a -d and list the domains I want on 1 certificate? Then any domain that gets pointed to my Lightsail instance will be checked against that SSL list and register as secure to a web user?
As an aside, the tutorial you linked to seems to use manual DNS validation, if you followed that instead of using http validation then you will need to manually update your DNS challenge TXT records every time you want to renew (these challenges get cached for approx 30 days thereafter you need to complete new ones).
http validation is probably better for simplicity/automation unless you specifically need DNS validation and can't use an automated DNS plugin/script.