diff --git a/bin/gen-tls-cert b/bin/gen-tls-cert
index 35a9c1f..20b468b 100755
--- a/bin/gen-tls-cert
+++ b/bin/gen-tls-cert
@@ -19,7 +19,7 @@ openssl req -nodes \
     | agenix -e secrets/tlskey.age
 
 cat > "$tmp/extfile" << EOF
-subjectAltName=DNS:roam.lan,DNS:*.roam.lan
+subjectAltName=DNS:roam.lan,DNS:*.roam.lan,DNS:git.lan
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage=digitalSignature,keyEncipherment
diff --git a/pki/ca.cert b/pki/ca.cert
index 78901f9..aa19f71 100644
--- a/pki/ca.cert
+++ b/pki/ca.cert
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDBTCCAe2gAwIBAgIUQZNUMLFIGLdsj9Cj3a3TpX45Wv0wDQYJKoZIhvcNAQEL
-BQAwEjEQMA4GA1UEAwwHaGRfcm9vdDAeFw0yNTEwMDQxMTU3NTdaFw0yNjEwMDQx
-MTU3NTdaMBIxEDAOBgNVBAMMB2hkX3Jvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC7bpbr+iJ4O5asQmy3bP1xe0hgNkU3BqKGxFmQ5neKDMBEhnHt
-ubb0jlPDns9reawX/2/7MGZFKTHvjlzZdKkSA+7t/afRs4O/sP3gqN0N7g6QdRGt
-aC+7skib+tN1mrx7ZlL3UXhDE4iLhwff1PJdsGuwW3Kt4GoXISwaQlFrAhGNyuB9
-5ZQuGk4TySiBRsghg/Q54V7njl7Ob5XfH2MfgONPTpd7j58kA4g5Y5HJYK6THdzU
-GZG5YrxWdmxRRhXC0LFPvS/QRc/HzvOdjryEgAQBl0VUNaU+hsd0smxNWFCbUIx3
-XafZXxlDGFnU8ktbkgHnMjlgbteBYxx9BB/BAgMBAAGjUzBRMB0GA1UdDgQWBBQM
-lKKCnjZOHyPIm1peyUgQLErdRTAfBgNVHSMEGDAWgBQMlKKCnjZOHyPIm1peyUgQ
-LErdRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCMviNrad9B
-I2XL3grAeyWAsbo9Ne4UApozzjInbX/fczxuP0QL9zSt6l3FVgN2HOnd56NjwSKF
-LJyGJwjO+HoC6XDGIcMwFvch16FSTzuORKMCjWOXEq2ZFsbTa8fcSyfXRq+xcdc+
-lgaqsEMBaO3vi19nFxEOO7Ps467F46uHF8RuTCnslI0UCHWiHoOT0n0E7Pr++IX/
-bsVeL5xRKivi37JMAkAGWPH3qqpk4wh3dgLbPBcwDf/nf6ERS2yGtAF1Ucwpg/9W
-7jvtw3TScoL4Fwl0X52aaF1WqRaS1Ovo3DLP8QfeyUVtDCxKdc+YgwXRJ963QDsX
-Oj33DVkzEVG1
+MIIDBTCCAe2gAwIBAgIUOp5TCMV734ZH8n7S9qMstDeLUgAwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHaGRfcm9vdDAeFw0yNjAxMzExMjA3MzhaFw0yNzAxMzEx
+MjA3MzhaMBIxEDAOBgNVBAMMB2hkX3Jvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCry5pMvP7Bm3nypYbD4E1RR5Gyu2CkatkRSRBK39NvfkX7GOLJ
+9bWDRDNUj6bw97ZyhCbw7ySV3KI5XfWfy9HWqJtEca3qGg0AwOxuke4Bhl11mb52
+RvU3y8qYLw5imvqKoX5iARmf+o6mk9cu0IFOTypRjgVEeTPM+i65qvwPs+estAl9
+bW7MrxN07hIzDvDWaXnYkIL+3TOXHq+zldD/5f5L17F3XHGUK2yKXBahcdcL2gdj
+eXCb6mXdNmp6dD6CXVSY8EBFjoJyYHAfn13c3f29lIItQU2r8wWt/irNpf5pl7r2
+qyrzDB4q4L5QGhKkZhs05rU6YTReLPKAAl2XAgMBAAGjUzBRMB0GA1UdDgQWBBRk
+r8YAWbZlBTwJQhL2gAyzEk/dhTAfBgNVHSMEGDAWgBRkr8YAWbZlBTwJQhL2gAyz
+Ek/dhTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA1LDP92xo4
+iOIvXZ0uVqR95/2QaB0zARvqP6nJ9XtfyyeDj8fF/iPz0/2FO8Svkba/5ZlEpr19
+49PQ1ufkCVhJTh1aCkJLjmiyYeBZXFRjbw7Tr3O9f9Pe8Ud01nwHyaLl3GHaacL1
+DGjSIpEbkS6zxDxfwhzqXnqKvT37Gcy+hpmMkRX7a3RyYg696azAd+bTjxKpCqmC
+iL0YrH4cnQ8sbKklKNxjjRVAjzWQ7BhPcIXABauNgIOvHHDe7NWcAEMMca5Fcmja
+tRsMLlfwyBM4YgRi9dq66C+LU+LuzBF5L0WTcwf8mXJDieE53A/4D0fig7+nkJrM
+8sWed8nJa0FF
 -----END CERTIFICATE-----
diff --git a/pki/server.cert b/pki/server.cert
index 3e99c74..35c78dd 100644
--- a/pki/server.cert
+++ b/pki/server.cert
@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDQDCCAiigAwIBAgIUNoexai8hK2EXKI7S0NuZFuhtVF0wDQYJKoZIhvcNAQEL
-BQAwEjEQMA4GA1UEAwwHaGRfcm9vdDAeFw0yNTEwMDQxMTU3NTdaFw0yNjEwMDQx
-MTU3NTdaMA4xDDAKBgNVBAMMA2xhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMY1qSgzUCcRRyJXsd+8KWRfPS4BMWXRKJwsH3RKXBEFVO5SZGynV5AD
-W6sUw/2VeIW1LLhpt7AnEblJ0zVNcIcFyisAGQK0sLgSmPZ0q6j1MHXd37hVQ5GX
-7DQ/ZMSPuOJgCpSjWVvCmnUOWlkZtqUpPKIxpHH5YsakbLorQgHiGYjiHeWJTqM7
-Ahi9IaMCRwgBK0G8TQ3jI2CUk1OxX4r48pxp7kR3u+rRLec5ZdzefMboyL6m9K4P
-r3MA10uF8SvzEC9IH1PixGMgqW6iMBsscuNGMoWPf6MWnJwYr3DOe1B8G0VrFdZg
-mENh84jJhPcKrHTsszdj8fkl0K30ezsCAwEAAaOBkTCBjjAfBgNVHREEGDAWgghy
-b2FtLmxhboIKKi5yb2FtLmxhbjAfBgNVHSMEGDAWgBQMlKKCnjZOHyPIm1peyUgQ
-LErdRTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
-ATAdBgNVHQ4EFgQU7XO2i2IykvfcecBTdKGUA8zYxAUwDQYJKoZIhvcNAQELBQAD
-ggEBACCt6e3OSOVhqf/hD4rOJMi8rTlOMBroI8ErbDuXKF3NBNfe3vIZBtqaDxeC
-1XhuSFAH5RYJupRF/vRlW58M+r1qeRakhHIpFEJDJle0dr3kw27IS+OyxSH4d3vd
-3PvUsPLAtO8Cz/SXo6OkkEboNwEWmCuOWjyyj2lbDVpO3wPVUcy7kRLQBqGnv+Eu
-xY059qByIZqr0SKrn0MttCRZbfzngdVXyQjC9wyTrQ+yDCE0Cng5omvw7pFrUb/W
-0v/JJYXrXXM7/JEtxC2+kbp3uH8zcDorOS3pVtHRROhHSvi83ggTHFCEXzUVtWNH
-M7aWXTM62DaugxDtvaPkfyS4Bv8=
+MIIDSTCCAjGgAwIBAgIUFoZzGii77TrKqg6r5NgmrqGNb8UwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHaGRfcm9vdDAeFw0yNjAxMzExMjA3MzlaFw0yNzAxMzEx
+MjA3MzlaMA4xDDAKBgNVBAMMA2xhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJmkEtAdsqVR8zVVoGgVL351Z5spsDbkjYGqM83XN6Edkx33c64FuoOY
+MpD/NqoC7eReQGJ3Oz6cjF+Oe35gO1jyJsQmsjCFVyzyihDjtczGAE6SoaS67kaq
+w2K54myAGo2ESKkzU776gZM0/V44tJuJVWBumxWHmajSgsAdBCGIUKSJJolJvt90
+ghyuoTLS9u1B2wtNvhvWHEwpzCOV3LwWraroDHYXL2tKTMrpqpj6lev/8t9gIPCM
+/q2oN0ILSPyScpuQHP0/Aky9kPycw3EdiTNPqh2UnI/2pw0LNHa3F3dp/f47kqSd
+DlXLkveKPgJLRIbxCJGdgvoacGMce0MCAwEAAaOBmjCBlzAoBgNVHREEITAfgghy
+b2FtLmxhboIKKi5yb2FtLmxhboIHZ2l0LmxhbjAfBgNVHSMEGDAWgBRkr8YAWbZl
+BTwJQhL2gAyzEk/dhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAK
+BggrBgEFBQcDATAdBgNVHQ4EFgQUNLp+qukOiO3z/cfjk4fBalMnOswwDQYJKoZI
+hvcNAQELBQADggEBAFoDA+AHIdBUtpTa1bVXSy4Y53Kn2OMopA47qxY+sgXS0UGx
+2fz7dyhy68AG3V5VnVKpnNAjJdeZdQww3N7KNmjsoI+p5mS+AHucLcMLJaqFaA0t
++jyLepQFdeh2/VkmbIwFQW+T/oBoCP4i4tkmaa/9mKSkbEOAadcucg7viqmRKN/b
+DJNMkhiahpCATpxRno8ybUzn907UTKBQOseZMW53ecKkgcPQOF6apsM7+/jXkOrO
+D9QeVWCdLLAnpLlubqbuGxPjI0RbLHXwKFayRwKEMj3Gn9njqcZfkVM3QJHc8Pn9
+eADOacl+F1jPO2nTTOQ9tZzfyHW4Gd5tpWqpEb8=
 -----END CERTIFICATE-----
diff --git a/secrets/tlskey.age b/secrets/tlskey.age
index 99fc887..6e17a67 100644
Binary files a/secrets/tlskey.age and b/secrets/tlskey.age differ