I've switched to using a wildcard certificate for everything I host on *.mfashby.net.
It keeps my nginx configuration a bit less repetitive. It also allows internal services (i.e. not accessible to the internet) be secured with TLS more conveniently, and without those nasty browser warnings about self-signed certificates.