diff --git a/setup_local_dns.sh b/1_setup_local_dns.sh
similarity index 100%
rename from setup_local_dns.sh
rename to 1_setup_local_dns.sh
diff --git a/append_more_with_hot_reload_at_runtime.sh b/2_append_more_with_hot_reload_at_runtime.sh
similarity index 100%
rename from append_more_with_hot_reload_at_runtime.sh
rename to 2_append_more_with_hot_reload_at_runtime.sh
diff --git a/3_https_fix.sh b/3_https_fix.sh
new file mode 100644
index 0000000..8e5c37e
--- /dev/null
+++ b/3_https_fix.sh
@@ -0,0 +1,16 @@
+# 0) (optional) Verify HTTP works
+curl -I http://id.generalinfinity.cloud
+
+# 1) Make sure nothing else is grabbing 443 (Caddy, etc.)
+sudo systemctl stop caddy 2>/dev/null || true
+
+# 2) Recreate a SAN cert that includes ALL 4 names
+sudo openssl req -x509 -nodes -newkey rsa:2048 \
+  -keyout /etc/nginx/local.key -out /etc/nginx/local.crt -days 365 \
+  -subj "/CN=github.generalinfinity.cloud" \
+  -addext "subjectAltName=DNS:github.generalinfinity.cloud,DNS:call.generalinfinity.cloud,DNS:id.generalinfinity.cloud,DNS:relay.generalinfinity.cloud"
+
+# 3) Correct permissions (nginx can read the cert/key)
+sudo chown root:root /etc/nginx/local.crt /etc/nginx/local.key
+sudo chmod 644 /etc/nginx/local.crt
+sudo chmod 600 /etc/nginx/local.key