Domain Name System

Aliases for a domain with https, how?

There is a main domain, an ssl certificate was bought for several years, everything is fine.
There are about a dozen domains similar in name that look with an a-record to the same ip as the main one.
In nginx, a 301 redirect of additional domains to the https of the main one is made (the main one does not work at all without https - there is also a 301 redirect from http to https).
http is ok. Until recently, everything was fine with https.
But a couple of weeks ago, Yandex.Webmaster started swearing at a fatal error - like the certificate is invalid. I checked - the browser also has problems with redirection - swearing at the certificate.

The reason for the error is clear. Rather, it is not clear why this has worked for more than one year before. But this is not the point, but how to solve the problem?
Somehow it would not be desirable to do separately certificates on additional domains. Are there any viable options?

You can, of course, still make certificates for these domains, for example, letsencrypt, but there is also muddy with auto-update - verification files are created for certbot's check, which are requested by letsencrypt, but in the case of a redirect, they will not be able to give up - there is also a redirect ...

Traffic from those domains, although small, is coming, I would not want to lose it.

Well, I can’t believe that such garbage should be decided so stupidly ...