Letsencrypt offers you to combine multiple domains into a single certificate or to separate them for each domain. When doing the latter you should mind the rate limits.
cli.ini
rsa-key-size = 4096
#server = https://acme-v01.api.letsencrypt.org/directory
authenticator = webroot
webroot-path = /var/www
email = youremail@domain.tld
renew-by-default = True
agree-tos = True
certbot --config /etc/letsencrypt/cli.ini certonly -d sub.domain.tld
You can also combine a group of domains to share a single certificate.
certbot --config /etc/letsencrypt/cli.ini certonly -d domain.tld -d www.domain.tld -d sub.domain.tld
httpd.conf
SSLCertificateFile /etc/letsencrypt/live/$servername/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$servername/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/$servername/chain.pem
Renewal
certbot --config /etc/letsencrypt/cli.ini renew