One of the annoying things about LetsEncrypt- if you run multiple zones from the same IP, it tends to make them Aliases of the primary zone.

Recently, I’ve worked to break away a couple projects from the primary zone, and it’s not gone all that well, with LE refusing to remove them or renew the other zones with those certificates still being part of the bundle.

So, I’m going to take one on the chin and rebuild all of the certs separately, which causes minimal more load for them, and a big headache for me.