Hello Uwe ,
extending LetsEncrypt is possible by using the -d flag to extend used LE domains:
certbot certonly -n --standalone --agree-tos \
--preferred-challenges http \
--cert-name="<ssl-domain1>" \
-d "<ssl-domain1>" \
-d "<ssl-domain2>" \
-d "<ssl-domain3>" \
-m "<ssl-mailforLE>"
The certbot renew timer takes care of the renewals automatically every week, no matter what you generate for that system, you can check its running by:
systemctl status grommunio-certbot-renew.timer