Split the certificate keys by primary domain

apptabulous/reverseproxy/conf.d/reverse_proxy.conf

@@ -14,8 +14,8 @@ server {
     listen [::]:443 ssl;
     server_name m5p3nc3r.co.uk www.m5p3nc3r.co.uk;
 
-    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/m5p3nc3r.co.uk/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/m5p3nc3r.co.uk/privkey.pem;
 
     if ($block_uri = 1) {
         return 403;
@@ -34,8 +34,8 @@ server {
     listen [::]:443 ssl;
     server_name gitea.m5p3nc3r.co.uk;
 
-    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/m5p3nc3r.co.uk/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/m5p3nc3r.co.uk/privkey.pem;
 
     # if ($block_uri = 1) {
     #     return 403;

frontend.yaml

@@ -14,15 +14,18 @@
     certbot_admin_email: matthew@thespencers.me.uk
 
     certbot_certs:
-      - webroot: "/var/www/html"
+      - domains:
-        domains:
           - "apptabulous.co.uk"
           - "www.apptabulous.co.uk"
           - "hub.apptabulous.co.uk"
           - "watchtower.apptabulous.co.uk"
+        webroot: "/var/www/html"
+
+      - domains:
           - "m5p3nc3r.co.uk"
           - "www.m5p3nc3r.co.uk"
           - "gitea.m5p3nc3r.co.uk"
+        webroot: "/var/www/html"
 
     certbot_repo: https://github.com/certbot/certbot.git
     certbot_version: master

inventory

@@ -1,8 +1,13 @@
+[all:vars]
+ansible_user=matt
+
 [frontend]
-rpi4-2.localdomain
+rpi4-2.local
 
 [github-runners]
-rpi5-1.localdomain
+rpi5-1.local
+
 
 [gitea]
-rpi5-2.localdomain
+rpi5-2.local
+