Certificates

[fredericmoulins]

Quite a few things, mainly:

• let's use only the acl module to set access rights on the letsencrypt directory structure, and avoid using chmod through the files module, which resets the acl rules configured by cert-perms (fixes the slapd not restarting on certificate renewal when running the playbook on an already deployed server);
• configure access rights on the letsencrypt archive and live directories as certbot would;
• migrate extra-certs to use certificates-all;
• redirect to HTTPS by default all traffic on the sites created for certificate generation except for requests on the acme-challenge location.

Please see commit messages for further details.

[arodier]

let's use only the acl module to set access rights on the letsencrypt directory structure, and avoid using chmod through the files module, which resets the acl rules configured by cert-perms (fixes the slapd not restarting on certificate renewal when running the playbook on an already deployed server);

As far as I am aware, I fixed this. I will need to see what improvements this patches does compared to the previous one