iphone1903 If you are using Cloudflare, I understand why there were issues to issue SSL certificates with Let's Encrypt (we still have few fails when issuing certificates under Cloudflare CDN).
But in fact, if you use Cloudflare and if you set SSL mode to "Full" in the Cloudflare Dashboard, you do not need to issue a valid certificate for each subdomain.
You can use the same certificate by making a copy of
/var/www/sub1.site.tld/conf/nginx/ssl.conf in the other subdomain conf folder like
The certificate displayed to your visitors will be the SAN certificate installed on Cloudflare servers.
Another working solution is to use Cloudflare Origin certificates :