[edit]
You should probably check: certbot certificates
(before and after your test)
Once successful, you should be able to reference it via the new cert-name.
And it would also have a renewal conf file - which could reduce future renewals to just: cerbot renew --cert-name <new.cert.name>
You will, however, be required to update any vhost files that will be using the new wildcard cert (but just once).
It doesn’t seem as though Certbot’s Apache plugin provides a way to solve this non-interactively.
I would agree that certonly and pre-configuration of the virtualhost is probably better for Ansible. It more closely follows the concept of idempotency anyway, since the Apache plugin will alter your configuration.
So for the moment, I just went with using the “expect” module from ansible and reverted the installation mode back to interactive, then from the installation prompt input the choice, so that, I didn’t have to depend on any automation flag.