So that proves @_az suggestion about the missing ServerName and where the PTR lookup comes from. However:
The strange mail123 subdomain aside, do you still have problems with certbot about your actual hostname?
Do you have multiple versions of Apache running (or even installed) ?
[not very likely, but I had to ask]
Have you moved your apache config file from the default installed location?
[much more likely, thusly I ask]
Can your search through the "default" apache location for any occurrence of mail123?
[grep -Ri mail123 /etc/apache2/]
READERS: Get involved and participate: If you read something you like, then click to like it 
@rg305 I thought we already established the mail123 subdomain isn't literally in the configuration file(s), but results from the PTR lookup of the IP address due to a missing ServerName directive? Or am I missing something?
I leave no stone unturned - even the ones that have been turned.
and "established" is presumption thus far
simply because no other way exists (was found)
Think of it this way: Would that answer apply to ever reader of this topic?
Would it include every possible case scenario?
I wouldn't exactly call it a problem, but my server's FQDN does not show up in the list. That said, I don't see why it should. Certbot provides a list of all the domains in my config files plus one in the PTR records. Why it does this is still a mystery. I have:
- A hostname defined in /etc/hostname
- Tried disabling the default config file
000-default.conf - Tried adding a
ServerNameto000-default.conf
Running hostname and hostnamectl both verify that my server's FQDN is what I think it is. Interestingly, certbot does not return my FQDN as an option but continues to offer the hostname in the PTR record. Soon this will be a non-issue since the PTR record is clearly wrong and will be updated. Perhaps it's always done this and I just never noticed? I'd typically have at least one of the vhosts assigned to my server's FQDN which should match the hostname so if there were a PTR lookup going on I just wouldn't have noticed.
Does certbot get it's list of domains exclusively from Apache? Or is it possibly doing this extra lookup on it's own? I'd like to at least establish where that value is coming from.
No
No
Yes, I've already done this in addition to nearly every other top level directory the server (see initial post).
The apache certbot module might work in mysterious ways. I wouldn't be surprised if it managed to re-enable previously disabled config files, but that would be weird.
Did this remove the PTR-hostname from apachectl -S?
If Apache won't use your FQDN, the certbot apache plugin will also never be able to use it.
As far as I know, yes, it only gets its info from Apache, with aid of the "Augeas" software.