Long planned. Here's a task.
- Update certbot cli to check rDNS is correct and either CNAME or NS record is present. Add argument to skip this.
- Update check_reverse_dns to check records present too.
- Create a web form to automate creating SSL tasks + checking validity - refuse to create if invalid.
- create a new wrapper for generating new ssl certs, pushing public keys to GitHub & moving private keys to puppet3 and update managewiki. (puppet-user will be pointless at this point).
- Move all SSL requests to the new ssl self serve site and allow one click to do everything.