http://u.qdnx.org/file/-20170525T033859-catmpyl.html
How timely! I'm fighting with !LetsEncrypt certs, Apache virtual hosts, and two !XMPP served hostnames and MUCs. I want to have separate certs for the XMPP server and the Web service, even though they share the same domain name (best practice determined from the #Drown vulnerability). I'm making progress, but no success yet.