How timely! I'm fighting with !LetsEncrypt certs, Apache virtual hosts, and two !XMPP served hostnames and MUCs. I want to have separate certs for the XMPP server and the Web service, even though they share the same domain name (best practice determined from the # vulnerability). I'm making progress, but no success yet.