First, use certbot the way you normally would, but take out the domain you want deleted. This should give you a new certificate like example.com-000X.pem
Update Nginx with the new .pem files. Now you have an old, unused certificate that’s no longer needed. It’s very important to delete that old certificate because it will break your auto-renewals!
List all the certificates we have.
Then delete the old, unwanted certificate.
certbot delete --cert-name the-cert-name
Found this solution in the comments here – https://www.jeffgeerling.com/blog/2016/remove-single-certbot-letsencrypt-certificate-server