All too often I wake up and realize that website SSL has "broken" because some web-site alias no longer works. When I go check at the ISPC web-site panel I notice that the Lets Encrypt tab is no longer marked and only the SSL tab is on. This usually turns out to be a problem with site alias or DNS configuration issue with a site alias and because Certbot is really touchy what it will renew the site is suddenly broken without SSL Cert and without any clear notification to anybody. I think we need to re-examine how web-site alias's affect the actual SSL certificate's ability to work. Alias's are nice but they should not be allowed to break the actual web-site. I realize the alias is configured in to the /etc/apache/sites-available/100-example-domain.xom.conf file and when that alias fails (because it's DNS was changed in the past month or something else mysterious happened) also the certbot renew for that actual site fails. This is especially apparent on sites that have many alias domains. Any ideas how we could add an alias site check before we let "certbot renew" break the actual site SSL certificate? I know it's not easy but I think it's something we need. Simple solution would be to send an alert email if the site can't renew it's SSL. Just spitballing here. You may start laughing now.