Both are running nginx and both are currently separately encrypted.
I am wondering if there is a better/recommended procedure for securing both. More importantly, should I have some kind of link between the two, or can I keep the configuration as-is: each instance controlling its own certificate?
I then received an invalid response from the .well-known/acme-challenge.
I’m not entirely sure I need to add the subdomain to the main domain, but others attempting to access the site had some suspicious warnings on both domains post-separate issuance.
That’s the error when you tried to create a certificate containing the app subdomain on your www server, right? That’s normal and expected.
Sorry, I was trying to ask about a screenshot of the “suspicious warnings” that the visitors to your site were encountering, when you had used separate certificates.