Add dide domain to cert #11

Open
weshinsley wants to merge 3 commits into main from mrc-6795

Conversation

weshinsley (Contributor) commented Oct 12, 2025

This adds an extra name on the LetsEncrypt cert, so that the same cert will be valid viewed from either daedalus.jameel-institute.org or daedalus.dide.ic.ac.uk (which are the same machine). Acme-buddy supports this with just comma-separated domains on the --domain argument.

Comment thread src/daedalus_deploy/config.py
plietar commented Oct 13, 2025

How should this alias be handled by nginx?
At the moment the nginx conf is set to serve on localhost (for some reason, I think we could remove that) and ${HTTP_HOST} (i.e. daedalus.jameel-institute.org): https://github.com/jameel-institute/daedalus-deploy/blob/02fd2d113e3e19020a4b2f1e04a60aae1ee6e990/proxy/nginx.conf.template#L31C22-L31C45

I'm not too sure what will happen at present when we load a different domain name. Possibly it will load up the daedalus website anyway because there's only one server block on 443. We should make that explicit in the configuration though.

I'm not a huge fan of having two names for the same domain tbh. I think it will just lead to confusion (e.g. cookies and state when visiting one domain won't be shared with the other one).
How about we have daedalus.dide.ic.ac.uk redirect to the canonical daedalus.jameel-institute.org domain name?

Or we just make connections to daedalus.dide.ic.ac.uk fail with a 404 anyway. I'm not sure what problem we are trying to solve by serving on both domain names.

weshinsley (Contributor, Author) commented

This came from Rich's observation during the outage, when daedalus.jameel-institute.org was down, but daedalus.dide.ic.ac.uk was viewable - just with the security warning because of name on the cert - in which case, why not just add the alternative name to the SSL cert, using the mechanism we already did for that.

The other use case was we wanted both shiny.dide.ic.ac.uk and shiny.dide.imperial.ac.uk to be on the cert, as both have been published as links - so that's a bit different to what we have for daedalus, which is more of a "luxury" - no-one is going to view it at daedalus.dide.ic.ac.uk (we think).

Anyway - it felt like a quick fix, since nginx already responds to both; this change would only add the extra name onto the cert for acme-buddy. But it's not a high priority thing.
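
The redirect and 404 options raised in the thread, written out as explicit nginx server blocks. This is an added example, not part of any comment above or of the project's nginx.conf.template; the certificate paths are placeholders, and the literal host names stand in for the template's ${HTTP_HOST}.

```nginx
# Added example. Host names are the two from the thread; certificate
# paths are placeholders, not the project's real paths.

# Catch-all for any Host/SNI name not matched below: answer 404 explicitly
# instead of falling through to whichever 443 server block is defined first.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    return 404;
}

# Alias: redirect to the canonical name. The certificate served here must
# still list daedalus.dide.ic.ac.uk as a name, because the browser validates
# the certificate during the TLS handshake, before nginx can send the 301.
server {
    listen 443 ssl;
    server_name daedalus.dide.ic.ac.uk;
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    return 301 https://daedalus.jameel-institute.org$request_uri;
}

# Canonical site: the only name that serves the application, so cookies
# and state live under a single origin.
server {
    listen 443 ssl;
    server_name daedalus.jameel-institute.org;
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    # The existing proxy locations stay in this block.
}
```

With this layout the extra name on the certificate is what lets the alias redirect without a browser warning; dropping the alias block sends that name to the catch-all 404 instead.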

3 participants