That’s good news! So making the turn server default or at least a one click option in plinth’s synapse configuration seems quite realistic - that’s nice.
Regarding the certs I wonder if it makes more sense to copy them into the certain certs folders every renewal or to add e.g. a letsencrypt group, give the original folder 0600 privs and add all servers which profit from them to the letsencrypt group. So no copying and easy to add any new server or app to it.
The more sophisticated thing might be the use of subdomains like it’s needed in ejabberd conf and expand the certs like I showed here. But sure that’s also manageable?
I’m looking forward to see what that will develop to 