Currently, HTTP basic with credentials are specified on a "global" level (at least, using arc set-config).
This means that it is not possible to set different auth credentials for different hosts (in the same way that different conduit tokens can be set for different hosts).
I'm happy to work on a fix for this, but am not sure what the best fix would be. I was thinking that prompting for basic auth credentials could be included in the arc install-certificate workflow.