# 0) (optional) Verify HTTP works
curl -I http://id.generalinfinity.cloud

# 1) Make sure nothing else is grabbing 443 (Caddy, etc.)
sudo systemctl stop caddy 2>/dev/null || true

# 2) Recreate a SAN cert that includes ALL 4 names
sudo openssl req -x509 -nodes -newkey rsa:2048 \
  -keyout /etc/nginx/local.key -out /etc/nginx/local.crt -days 365 \
  -subj "/CN=github.generalinfinity.cloud" \
  -addext "subjectAltName=DNS:github.generalinfinity.cloud,DNS:call.generalinfinity.cloud,DNS:id.generalinfinity.cloud,DNS:relay.generalinfinity.cloud"

# 3) Correct permissions (nginx can read the cert/key)
sudo chown root:root /etc/nginx/local.crt /etc/nginx/local.key
sudo chmod 644 /etc/nginx/local.crt
sudo chmod 600 /etc/nginx/local.key