diff --git a/certbot/renewal.py b/certbot/renewal.py
index 3682c50d5..b5b982972 100644
--- a/certbot/renewal.py
+++ b/certbot/renewal.py
@@ -301,7 +301,10 @@ def _renew_describe_results(config, renew_successes, renew_failures,
 def renew_all_lineages(config):
     """Examine each lineage; renew if due and report results"""
 
-    if config.domains != []:
+    # This is trivially False if config.domains is empty
+    if any(domain not in config.webroot_map for domain in config.domains):
+        # If more plugins start using cli.add_domains,
+        # we may want to only log a warning here
         raise errors.Error("Currently, the renew verb is only capable of "
                            "renewing all installed certificates that are due "
                            "to be renewed; individual domains cannot be "
diff --git a/certbot/tests/cli_test.py b/certbot/tests/cli_test.py
index 31056cafe..d7965a24e 100644
--- a/certbot/tests/cli_test.py
+++ b/certbot/tests/cli_test.py
@@ -712,6 +712,12 @@ class CLITest(unittest.TestCase):  # pylint: disable=too-many-public-methods
         self._test_renew_common(renewalparams=renewalparams,
                                 assert_oc_called=True)
 
+    def test_renew_with_webroot_map(self):
+        renewalparams = {'authenticator': 'webroot'}
+        self._test_renew_common(
+            renewalparams=renewalparams, assert_oc_called=True,
+            args=['renew', '--webroot-map', '{"example.com": "/tmp"}'])
+
     def test_renew_reconstitute_error(self):
         # pylint: disable=protected-access
         with mock.patch('certbot.main.renewal._reconstitute') as mock_reconstitute: