So, step one is to delete that inactive DNS zone as everything else is working. (You can activate it instead but I’d save that change for another day and just focus on getting SSL working first.)
Next, you do need the www.dashboard CNAME DNS record if you want www.dashboard.logsistemas.com.br. Please note this is optional. While you can point this domain to Netlify you can also just use dashboard.logsistemas.com.br by itself if you want to. Again, it is up to you if you want both to point to Netlify or not. I think @coelmay was only pointing out that this is optional here:
To summarize, there are three requirements:
Delete the DNS zone that is inactive.
Make CNAME DNS records for any (non-apex) domain names that will point to sites at Netlify.
Add the domain names you made the CNAME records for, to the site settings at Netlify (the settings in your screenshots under Site Name > Settings > Domain management > Custom domains).
After that, then click “Renew certificate” at the bottom of the same domain settings page from step three. That should work to update the SSL certificate. If not, please let us know and we will take a closer look.
My apologies @developerLogSistemas if my statement was misinterpreted. As @luke points out, I was intending point out that this was not necessary, and is perhaps a little non-standard (e.g. this forum is answers.netlify.com and is not available via www.answers.netlify.com.)