Recommendation would be that you want to set up your ssh so that it only accepts publickey authentication. You also want to make sure you are not using a proxied DNS value, as CF only proxies http requests.

Personally I didn’t bother to setup ssh access as https typically works fine.

This is a reform backed culture war movement, not a real objection.

On windows if you don’t disable bitlocker, then login at least once to your outlook.com account so it can backup the key.

If you don’t want to do that, install Linux instead.

I do tend to find the native recovery tools for an os to be better suited, so one Linux live cd, and one windows installer or pe recovery tool.

Note that you need to use disk space to describe where all the slices of a file are. There are some limitations to how many pieces your files can be in. Not sure on exFATs limit, but on NTFS I know it’s a soft cap around 1.5 million parts.

Pretty much, add the new domain to certbot, then create a new server directive with the new name and certificate paths. I would probably just copy and paste the existing one for your current domain, then just change the domain. SNI will then select the right certificate for you.

You can set certbot to create a single certificate with both domains, but tbh the above is just simpler to setup and maintain.