diff --git a/narwhal/acme_renew/Makefile b/narwhal/acme_renew/Makefile
index 0a714d1..5424eeb 100644
--- a/narwhal/acme_renew/Makefile
+++ b/narwhal/acme_renew/Makefile
@@ -31,6 +31,11 @@ MAIL_FULLCHAIN=$(MAIL_CERT_PATH)/fullchain.pem
 MAIL_CERT=$(MAIL_CERT_PATH)/cert.pem
 MAIL_KEY=$(MAIL_CERT_PATH)/key.pem
 
+CUINA_CERT_PATH=$(ACME_DIR)/cuina.$(DOMAIN)
+CUINA_FULLCHAIN=$(MAIL_CERT_PATH)/fullchain.pem
+CUINA_CERT=$(MAIL_CERT_PATH)/cert.pem
+CUINA_KEY=$(MAIL_CERT_PATH)/key.pem
+
 VAULT_CERT_PATH=$(ACME_DIR)/vault.$(DOMAIN)
 VAULT_FULLCHAIN=$(VAULT_CERT_PATH)/fullchain.pem
 VAULT_CERT=$(VAULT_CERT_PATH)/cert.pem
@@ -106,13 +111,18 @@ $(SURICATA_SYNC): $(VAULT_FULLCHAIN) $(VAULT_CERT) $(VAULT_KEY)
 	touch $@
 
 
-$(LB_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
+$(LB_SYNC): $(FULLCHAIN) $(CERT) $(KEY) $(CUINA_FULLCHAIN) $(CUINA_CERT) $(CUINA_KEY)
 	mkdir -p $(@D)
 	rsync \
 		$(RSYNC_ARGS) \
 		--rsync-path="doas rsync" \
-		$^ \
+		$(FULLCHAIN) $(CERT) $(KEY) \
 		dags@lb:/etc/nginx/acme/$(DOMAIN)
+	rsync \
+		$(RSYNC_ARGS) \
+		--rsync-path="doas rsync" \
+		$(CUINA_FULLCHAIN) $(CUINA_CERT) $(CUINA_KEY) \
+		dags@lb:/etc/nginx/acme/cuina.$(DOMAIN)
 	touch $@
 
 KVMD_PST_DATA=/var/lib/kvmd/pst/data
diff --git a/narwhal/acme_renew/justfile b/narwhal/acme_renew/justfile
index 807951f..066e414 100755
--- a/narwhal/acme_renew/justfile
+++ b/narwhal/acme_renew/justfile
@@ -45,7 +45,7 @@ install-vault:
 install-mail:
     just acmesh \
         --install-cert \
-        -d vault.{{domain}} \
+        -d mail.{{domain}} \
         --cert-file /certs/mail.{{domain}}/cert.pem \
         --key-file /certs/mail.{{domain}}/key.pem \
         --fullchain-file /certs/mail.{{domain}}/fullchain.pem
@@ -69,3 +69,18 @@ issue-mail:
     just issue \
         -d 'mail.{{domain}}'
     just install-mail
+
+install-cuina:
+    mkdir -p {{certs_path}}/cuina.monotremata.xyz
+    just acmesh \
+        --install-cert \
+        -d cuina.{{domain}} \
+        --cert-file /certs/cuina.{{domain}}/cert.pem \
+        --key-file /certs/cuina.{{domain}}/key.pem \
+        --fullchain-file /certs/cuina.{{domain}}/fullchain.pem
+
+issue-cuina:
+    just issue \
+        -d 'cuina.{{domain}}' \
+        -d '*.cuina.{{domain}}'
+    just install-cuina