This moves release-hatch to using a justfile to manage operations, like
we did with job-runner.
It also adds support for automatically pulling the latest LetsEncrypt
certificates as part of the regular deployment, fixing #184.
It formalises the previously adhoc method of cert management, namedly
using relative sym links in the certs/ subdir. It also adds some
protection to the test-only selfsigned cert generation code, so it
should never happen in production.
This moves release-hatch to using a justfile to manage operations, like we did with job-runner.
It also adds support for automatically pulling the latest LetsEncrypt certificates as part of the regular deployment, fixing #184.
It formalises the previously adhoc method of cert management, namedly using relative sym links in the
certs/subdir. It also adds some protection to the test-only selfsigned cert generation code, so it should never happen in production.