This issue is summarized here: https://forum.virtualmin.com/t/apache-crash-during-lets-encrypt-renewal/...
Essentially, LE requests and receives approval for a cert. Apache gets a restart request, but after the cert file is written, the key file has not yet finished writing to the filesystem, httpd detects the cert/key mismatch and the entire server goes down.
14:45:41.573 - LE reports that it is done 14:45:42.307 - Graceful requested 14:45:42.631 - ssl.cert written (ssl.key not yet modified) 14:45:43.047 - apache is reading configs, ssl mismatch, crash 14:45:43.619 - ssl.key written
Is it possible to - specify a slightly longer delay in requesting the restart of httpd, or - specify the daily schedule that LE checks domains for renewal so that if the issue persists, it manifests during non-peak, non-business-hours