Put the original domain first

The original domain got some state created for it by certbot. The certificates are anchored to payments.privatestorage.io in the filesystem. The code handling these domains uses the first domain name in the list to find the certificates, so make it match the filesystem state.