That totally looks like it would work.
I wonder if a future version of Trellis might be smart enough to detect if there’s new site_hosts and remove all existing letsencrypt data… but that’s above my pay grade.
I ended up taking a lot of notes during my multisite install, was thinking of writing them up somewhere since the official docs are a bit light on … and I came across a few of the same errors over and over.