You have a lot of options. I think it might be better to give an overview of some, so you can think about how you want to approach this and ask focused questions later.
Since you're manipulating cert lineage by adding domains, I assume you either have everything running within a single Apache host/virtualhost block, or are sharing the same cert between different virtualhosts. The better pattern to use is multiple virtualhosts, each with their own certificate.
The basic way is to just create a new VirtualHost in Apache for each domain, and then use Certbot to handle the installation/renewal. You'll find the most documentation and guides for that. Onboarding new domains would just be via the certbot apache command, and you would have a logical partition through the virtualhosts - each one is for a domain with it's own certificate.
A more advanced way is to terminate SSL before anything hits Apache, using something that has "autocert" functionality. An example of this would be running the Caddy webserver on port 80, then just doing a proxypass from Caddy to Apache running on a higher port. (You could run wordpress in Caddy, but if you're already familiar with Apache I'd just keep that and proxy onto it.). If you go that route, then you don't really need to think about the Certificates - caddy does it automatically and you pipe all traffic back into Apache.
There are autocert options for Apache, including mod_md (mod_md - Apache HTTP Server Version 2.5). Nginx also has a handful of autocert extensions, and running Nginx in front of Apache is popular too.
Because autocert can get out of control and hit rate-limits if you're dynamically scaling nodes in a cluster, many autocert have the ability to store/load the SSL certs on a shared volume or in the cloud. That might be something you're interested in.
I hope some of this points you in the right direction.