diff --git a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
index 26fa84a..d4cbd00 100644
--- a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
@@ -26,9 +26,6 @@ include_recipe "kosmos-base::letsencrypt"
-domain = "kosmos.org"
-domain_and_subdomains = [domain, "chat.#{domain}" "xmpp.#{domain}"]
-
 ejabberd_post_hook = <<-EOF
 #!/usr/bin/env bash
@@ -39,11 +36,11 @@ set -e
 # letsencrypt live folder
 for domain in $RENEWED_DOMAINS; do
 case $domain in
- # Do not copy over when renewing other kosmos.org domains
- #{domain})
- cat "${RENEWED_LINEAGE}/privkey.pem" "${RENEWED_LINEAGE}/fullchain.pem" > /opt/ejabberd/conf/#{domain}.pem
- chown ejabberd:ejabberd /opt/ejabberd/conf/#{domain}.pem
- chmod 600 /opt/ejabberd/conf/#{domain}.pem
+ kosmos.org|5apps.com)
+ cp "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key
+ cp "${RENEWED_LINEAGE}/fullchain.pem" /opt/ejabberd/conf/$domain.crt
+ chown ejabberd:ejabberd /opt/ejabberd/conf/$domain.*
+ chmod 600 /opt/ejabberd/conf/$domain.*
 /opt/ejabberd-#{node["kosmos-ejabberd"]["version"]}/bin/ejabberdctl reload_config
 ;;
 esac
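Review bot: The added `cp` lines write `/opt/ejabberd/conf/$domain.key` with whatever mode `cp` derives from the source file and the umask, and only the later `chown`/`chmod` on the `$domain.*` glob bring the private key to `ejabberd:ejabberd 600`; with `set -e` in effect, any failure between those commands leaves a key behind with the wrong owner or mode. `install -m 600 -o ejabberd -g ejabberd "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key` (and the same for `fullchain.pem` into `$domain.crt`) creates each file with its final owner and mode in one step and makes the two glob lines unnecessary. The glob `$domain.*` also picks up a leftover `$domain.pem` from the previous hook layout, which is harmless for chown/chmod but deserves a comment such as `# $domain.* also covers the old combined .pem, if one is still present`. The `for` loop's `done` and the rest of the heredoc lie outside the hunk.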
@@ -57,13 +54,20 @@ file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do
 group "root"
 end
-domain_and_subdomains_switch = domain_and_subdomains.map { |d| "-d #{d}" }.join(" ")
-
 # Generate a Let's Encrypt cert (only if no cert has been generated before).
 # The systemd timer will take care of renewing
 execute "letsencrypt cert for kosmos xmpp" do
- command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@#{domain} #{domain_and_subdomains_switch} -n"
+ command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d chat.kosmos.org -d xmpp.kosmos.org -n"
 not_if do
- File.exist?("/opt/ejabberd/conf/#{domain}.pem")
+ File.exist?("/etc/letsencrypt/live/kosmos.org/fullchain.pem")
+ end
+end
+
+# Generate a Let's Encrypt cert (only if no cert has been generated before).
+# The systemd timer will take care of renewing
+execute "letsencrypt cert for 5apps xmpp" do
+ command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
+ not_if do
+ File.exist?("/etc/letsencrypt/live/5apps.com/fullchain.pem")
+ end
+end
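Review bot: The two `execute` resources repeat a certbot command of several hundred characters that differs only in the `--email` address and the `-d` list, so every future change to the flags or hook paths has to be made twice and the two copies can silently drift; building both resources from one template in a loop keeps a single command to maintain. The `not_if` blocks test for a path the command itself creates, which is exactly what Chef's `creates` property expresses, e.g. `creates "/etc/letsencrypt/live/kosmos.org/fullchain.pem"`. The sketch below renames the resources to carry the apex domain; keep the original names ("letsencrypt cert for kosmos xmpp", "letsencrypt cert for 5apps xmpp") if anything else notifies or subscribes to them.
```ruby
# Generate a Let's Encrypt cert per lineage (only if none has been issued
# before). The systemd timer will take care of renewing
{
  "kosmos.org" => %w[kosmos.org chat.kosmos.org xmpp.kosmos.org],
  "5apps.com"  => %w[5apps.com muc.5apps.com xmpp.5apps.com]
}.each do |apex, names|
  domain_switches = names.map { |d| "-d #{d}" }.join(" ")

  execute "letsencrypt cert for #{apex} xmpp" do
    command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@#{apex} #{domain_switches} -n"
    # certbot writes this path on success; Chef skips the resource once it exists
    creates "/etc/letsencrypt/live/#{apex}/fullchain.pem"
  end
end
```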