After comparing some notes around the Internet I've came up with this "catch-all" for in Apache. So not just one vhost, anything will catch it. Keeping the configs clean and simple.

Put the following in the conf-enabled directory (Debian based systems):

Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/">
      Options None
      AllowOverride None
      ForceType text/plain
      RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Directory>

Enable it with a2enconf, reload the Apache service. Make sure the directory /var/www/html/.well-known/acme-challenge/ is created and owned by the Apache data user, e.g. www-data. It can be any directory, as long as you keep it consistent.

Then run this command: certbot certonly --webroot --agree-tos --email youradmin@example.com --webroot-path /var/www/html/ --domain yoursite.example.com