@Michael There are obviously some flaws with the model of "trust these centralised certificate authorities to do the right thing", but TLS/SSL is an essential security measure to make surveillance and fraud expensive to attackers. Sure, browsers do have bugs sometimes, but that doesn't devalue the system as a whole.

For what it's worth, certbot renew does happily handle multiple domains on the same server - that's how I'm using it.