Use certbot to issue certificates

ansible/roles/commento/tasks/main.yml

@@ -29,4 +29,4 @@
   vars:
     server_name: commento.theorangeone.net
     upstream: commento-commento-1.docker:8080
-    ssl_cert_path: /etc/nginx/ssl/theorangeone.net
+    ssl_cert_path: /etc/letsencrypt/live/commento.theorangeone.net

ansible/roles/nginx/files/nginx-https-redirect.conf

@@ -2,5 +2,13 @@ server {
     listen 80;
     server_name _;
     access_log off;
-    return 308 https://$host$request_uri;
+
+    location ^~ /.well-known/acme-challenge/ {
+        default_type "text/plain";
+        root {{ certbot_webroot }};
+    }
+
+    location / {
+        return 308 https://$host$request_uri;
+    }
 }

ansible/roles/plausible/tasks/main.yml

@@ -45,6 +45,6 @@
   vars:
     server_name: plausible.theorangeone.net elbisualp.theorangeone.net
     upstream: plausible-plausible-1.docker:8000
-    ssl_cert_path: /etc/nginx/ssl/theorangeone.net
+    ssl_cert_path: /etc/letsencrypt/live/plausible.theorangeone.net
     location_extra: |
       rewrite ^/js/index.js$ /js/plausible.js last;

ansible/roles/website/tasks/main.yml

@@ -29,6 +29,6 @@
   vars:
     server_name: theorangeone.net
     upstream: website-nginx-1.docker:8000
-    ssl_cert_path: /etc/nginx/ssl/theorangeone.net
+    ssl_cert_path: /etc/letsencrypt/live/theorangeone.net
     location_extra: |
       more_set_headers "Server: $upstream_http_server";