non-canonical SNI list is highly volatile. Meaning that we can potentially lose control of one domain and with the current behaviour acme-chief would fail to issue the certificate where that domain is listed, affecting up to ~40 SNIs.
Taking into account that we're using dns-01 challenge for validation, we can programatically verify that we are able to fulfil challenges for a specific SNI before issuing the certificate.
Ideally instead of stopping the issuing/renewal process for the affected certificate, acme-chief should be able to ignore the affected SNIs and get a certificate for the still valid SNIs.