Digital certificates
BonBon Slick, 2017-09-20 15:41:51

Share Let's Encrypt SSL certificate for a subdomain?

I already have a domain and a certificate set up for it. The subdomain is also configured; it works fine if you clear the cache or reset the configs. Why flush caches? Because it gives me an error:

Your connection is not private

Attackers might be trying to steal your information from subdomain.domain.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
subdomain.domain.com normally uses encryption to protect your information. When Google Chrome tried to connect to subdomain.domain.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be subdomain.domain.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit subdomain.domain.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

It turns out that Let's Encrypt does not support wildcard certificates, so one certificate for everything. Okay, it would seem: share the certificate and that's it. The domain pings, and you can go to it if you clean everything up.
I'm trying to share the certificate:
//domain.com certificate already exists
$ sudo certbot certonly --cert-name domain.com --renew-by-default  -a webroot -n --expand --webroot-path=/var/www/domain -d domain.com -d www.domain.com -d subdomain.domain.com -d www.subdomain.domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com
http-01 challenge for subdomain.domain.com
http-01 challenge for www.subdomain.domain.com
Using the webroot path /var/www/domain for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. subdomain.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.domain.com/.well-known/acme-challenge/_LTs-uwQhQfgIBKIdwJiiFVTjY417BxL3Ygp-9QKJYg: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.domain.com/.well-known/acme-challenge/fmMSRRZLrg6urmM_-tUoxPI3LneOFlTY--o_mN5GRus: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.subdomain.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.subdomain.domain.com/.well-known/acme-challenge/-xAcZn0O9fJv3aDC4yulmvBvucbCpUNhNtjqFG43QmM: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: subdomain.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://subdomain.domain.com/.well-known/acme-challenge/_LTs-uwQhQfgIBKIdwJiiFVTjY417BxL3Ygp-9QKJYg:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: www.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.domain.com/.well-known/acme-challenge/fmMSRRZLrg6urmM_-tUoxPI3LneOFlTY--o_mN5GRus:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: www.subdomain.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.subdomain.domain.com/.well-known/acme-challenge/-xAcZn0O9fJv3aDC4yulmvBvucbCpUNhNtjqFG43QmM:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I also tried the new ones without the --cert-name domain.com parameter.
The nginx files are configured correctly, the hosts are all spelled out correctly, the subdomain works, pings, comes up if you clear the cache. I don't understand why it doesn't want to share the certificate with --expand.
If you check the site for SSL here https://www.whynopadlock.com/check.php
It will return:
SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:

ERROR: no certificate subject alternative name matches

Certificate valid through: Dec 12 13:09:00 2017 GMT
Certificate Issuer: Let's Encrypt 
SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2
All 30 items called securely!

Please tell me what my mistake is, what am I doing wrong? How do I properly share a certificate from Let's Encrypt with subdomains?

1 answer(s)
Denis Michurin, 2017-09-20
@BonBonSlick

For a subdomain, issue a new cert purely for it, because Let's Encrypt SSL cannot do wildcard
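Added example, not part of the question or the answer above and not certbot's own code. What the certbot log in the question actually shows is a routing problem, not a Let's Encrypt limitation: a multi-name (SAN) certificate is exactly what --expand requests and was always available, wildcards only arrived later with ACME v2 and the dns-01 challenge. The http-01 validation fetched http://subdomain.domain.com/.well-known/acme-challenge/<token> and got nginx's 404 page, which means the server block answering for that name does not serve files from /var/www/domain, the single --webroot-path given to certbot; the same goes for www.domain.com and www.subdomain.domain.com. The script below is the pre-flight check a practitioner runs before retrying: it writes a random token into the directory you intend to pass as the webroot, fetches it over HTTP the way the ACME server would, and reports a mismatch instead of burning Let's Encrypt's failed-validation rate limit. demo() reproduces both outcomes against a local stand-in HTTP server (the mismatched case is the 404 from the question); against real hosts you would call preflight("/var/www/domain", "http://subdomain.domain.com") from a machine that resolves the public name. Directory names and URLs in the demo are constructed for the example.

```python
"""Pre-flight check for certbot's http-01 webroot validation (added example)."""
from __future__ import annotations

import contextlib
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def preflight(webroot: str, base_url: str, timeout: float = 5.0) -> tuple[bool, str]:
    """Write a random token under webroot/.well-known/acme-challenge/ and fetch it
    from base_url the way the ACME validator would.

    Returns (ok, detail). ok is True only when the body served at the challenge
    URL is byte-for-byte the token we wrote. (A real http-01 response body is
    token.thumbprint, but the question here is only whether this webroot is the
    document root the vhost for base_url really serves.)"""
    token = secrets.token_urlsafe(32)
    challenge_path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(challenge_path, exist_ok=True)
    file_path = os.path.join(challenge_path, token)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{token}"
    try:
        with open(file_path, "w", encoding="ascii") as fh:
            fh.write(token)
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("ascii", errors="replace")
        if body == token:
            return True, f"{url} served the expected token"
        return False, f"{url} returned an unexpected body {body[:60]!r}"
    except urllib.error.HTTPError as exc:
        # The situation in the question: the vhost serves some other document
        # root, so the file we just wrote is invisible and the URL 404s.
        return False, (f"{url} -> HTTP {exc.code}; {webroot!r} is not the "
                       f"document root this vhost serves")
    except (urllib.error.URLError, OSError) as exc:
        return False, f"{url} unreachable: {exc}"
    finally:
        with contextlib.suppress(FileNotFoundError):
            os.remove(file_path)  # never leave stale tokens behind


class _QuietHandler(SimpleHTTPRequestHandler):
    """Stand-in for the nginx vhost; silences per-request logging."""

    def log_message(self, *args):
        pass


def serve_directory(directory: str) -> tuple[ThreadingHTTPServer, str]:
    """Serve `directory` on a random loopback port; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0),
                                 partial(_QuietHandler, directory=directory))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def demo() -> dict[str, bool]:
    """Run the check twice against one local server (constructed example):
    'matching' passes the directory the server really serves,
    'mismatched' passes a different directory, like passing
    --webroot-path=/var/www/domain for a vhost rooted elsewhere."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as other:
        server, base_url = serve_directory(served)
        try:
            ok_match, detail_match = preflight(served, base_url)
            ok_mismatch, detail_mismatch = preflight(other, base_url)
        finally:
            server.shutdown()
            server.server_close()
    print(detail_match)
    print(detail_mismatch)
    return {"matching": ok_match, "mismatched": ok_mismatch}


if __name__ == "__main__":
    demo()
```

Once the check passes for every name, the certbot command from the question works unchanged. If the subdomain is served from its own document root, either give certbot one webroot per name (`-w /var/www/domain -d domain.com -d www.domain.com -w /var/www/subdomain -d subdomain.domain.com -d www.subdomain.domain.com`, with /var/www/subdomain standing in for whatever root that server block uses) or add one `location ^~ /.well-known/acme-challenge/` block with a shared `root` to every server block, including the port-80 blocks that only redirect to HTTPS, since the validator arrives over plain HTTP.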
