@jrex I would recommend you to have separate certificates for your domains based on from what server they will be served and reachable online to help certificate(s) renewal process when needed.
SCENARIO:
-
You have a mydomain.com then you need at least:
- a box.mydomain.com certificate
- a mydomain.com certificate
- a www. mydomain.com certificate
Then config. all of them through your MiaB server to manage their DNS’s but set your custom A records pointing to your other web-server IP for 2) and 3) before to order the let’s encrypt certificate for your 1) and the given certificate will be issued for box.mydomain.com only.
Then go to your web-server and set there the certificate(s) you wish for 2) and 3) from let’s encrypt or wosign-free at your convenience (zz).
Consider this way for additional domains and/or subdomains, too
Doing it that way will save you of headaches at certificate(s) renewal time.
Hope this helps. rgrds
(zz) Unless you’re using a let’s encrypt integrated web admin panel like serverpilot.io in your web-server that will help you to manage your domains certificate renewals for your apps. (let’s say joomla, wordpress, drupal, grav … ) I would recommend you to manually set a 1 year (or 2 years) wosign FREE certificate(s) for each one them, instead.