Letsencrypt SSL generation not correct for additional domain

Hi,

I have CWP running on a server on AWS. The server has an elastic IP.
The NAT'ed network configuration is in place.
I do not use the BIND DNS but route 53 from Amazon.

I have a root domain configured for this server : domain.be (not real domain name)
I configured AWS Route 53, i point the domain domain.be and the www.domain.be to the Elastic IP. After generation, I configured LetsEncrypt SSL and test following links :
https://domain.be
https://www.domain.be
Both give valid certificate, but mixed content >> Is fine, this is only a test page.

I created an additional domain for the user, additionaldomain.be
Identically : I configured AWS Route 53, i point the domain additionaldomain.be and the www.additionaldomain.be to the Elastic IP. After generation, I configured LetsEncrypt SSL and test following links :
https://additionaldomain.be >> valid certificate, but mixed content >> Is fine, this is only a test page.

https://www.additionaldomain.be >> INVALID certificate
I checked this and the SSL certificate is only valid for the "additionaldomain.be".
Anyone experienced this? And how to solve it? the www is not beind added in the certificate I have the impression.
Result of my trial and error is LetsEncrypt blocked me from generating certificated the next week...

Thx