Actually, Caddy doesn’t “bring the whole server down” just because one domain can’t resolve. That’s a common misconception which is explained here, and which is not unique to Caddy: How to have bad domain in config skipped - #2 by matt
In Caddy 2, certificate management is asynchronous by default.