Point the desec domain js to the gutenberg server with GUTENBERG_HOMEPAGE(), - wait until the DNS propagated
Add the domain to the reverse-proxy in /etc/haproxy/haproxy.cfg, reload
create the WP DB using sudo mysql on gutenberg
create the wp dirs and files, adjust ownership to www-data where needed. Webroot in var/www/ symlinking contents of wp-content as needed: /var/lib/wordpress/wp-content/, uploads are on /var/www/s3-wp-content/yourwpdomain/uploads
create the config-yourwpdoamin.php file in /etc/wordpress
get a certificate using desec plugin for which a bash alias exists on gutenberg, as per documentation - sudo is already in the alias, omit it in thecertbot-desec -d $DOMAIN -d www.$DOMAIN command
finally create your apache conf file by copying another, test and enable it (sudo apachectl configtest & sudo a2ensite)