ritsec / cluster-duck

Documentation for the RITSEC Cloud.

Update Vault Certificate #22

Open s-newman opened 4 years ago

s-newman commented 4 years ago

Update Vault Certificate

The HashiCorp Vault certificate is currently from Let's Encrypt's staging environment. This is not accepted by any browsers or operating systems, so we should switch to a certificate from the production environment. This will also help us test our procedure for updating Let's Encrypt certificates that have been issued through Terraform.

Tasks

All of the following tasks must be complete before this issue can be closed. Be sure to reference this issue in the relevant issues/PRs in other repositories.

s-newman commented 4 years ago

Since certificates are deployed to the host at creation time via cloud-init, I suspect that we will have to do this by redeploying the Vault instance and migrating the EBS volume to the new instance. Ideally, only the instance should be destroyed and all other Terraform resources should be left intact (reconfiguration acceptable).
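
The staging-to-production switch discussed in this issue, sketched as Terraform configuration. This is an added example, not code from the cluster-duck repository. It assumes the certificate is issued with the community `vancluever/acme` provider and a Route 53 DNS challenge; the resource names, hostname and e-mail address are placeholders.

```hcl
# Added example; provider choice, resource names and hostnames are assumptions.
terraform {
  required_providers {
    acme = { source = "vancluever/acme" }
    tls  = { source = "hashicorp/tls" }
  }
}

provider "acme" {
  # Before: staging directory. Certificates chain to an untrusted test root,
  # so browsers and operating systems reject them.
  # server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"

  # After: production directory. Certificates chain to a publicly trusted root.
  # Production rate limits are much stricter than staging, so avoid repeated
  # create/destroy cycles while testing the procedure.
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}

# Staging and production are separate ACME servers with separate accounts.
# An account registered against staging does not exist in production, so the
# registration has to be recreated along with the certificate.
resource "tls_private_key" "acme_account" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "acme_registration" "vault" {
  account_key_pem = tls_private_key.acme_account.private_key_pem
  email_address   = "admin@example.com" # placeholder
}

resource "acme_certificate" "vault" {
  account_key_pem = acme_registration.vault.account_key_pem
  common_name     = "vault.example.com" # placeholder hostname

  dns_challenge {
    provider = "route53"
  }
}

# The issued key is stored in Terraform state in plaintext; keep the state
# backend encrypted and access-controlled.
output "vault_certificate_pem" {
  value = "${acme_certificate.vault.certificate_pem}${acme_certificate.vault.issuer_pem}"
}
```

Because the certificate reaches the host through cloud-init, the new certificate only takes effect once the instance is recreated; on Terraform 0.15.2 or later, `terraform apply -replace=<instance address>` forces replacement of that one resource while the rest of the plan is left to normal diffing.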