because of possible cerbot errors ...
maybe you could integrate a lookup to make sure the domain name still resolves to the assigned IP address before a cert can be re-issued or renewed.
In previous versions of the plugin there was also, a DNS lookup was made but I've removed that feature for performance reasons. The error from certbot is sufficient.
The only thing missing at the UI level (customer) is a button allowing to make a new try or remove the SSL certificate in case of a certbot failure, whatever the reason is.