Long planned. Here's a task.
- Update check_reverse_dns to check that records are present too.
- Move SSL generation from mwtask111 to puppet111.
- Automate copying private keys.
- Automate pushing certificates from puppet111 to GitHub.
- Update certbot CLI to check rDNS is correct and either CNAME or NS record is present. Add argument to skip this.
- Create a web form to automate creating SSL tasks + checking validity - refuse to create if invalid.
- Create a new wrapper for generating new SSL certs, including updating ManageWiki (puppet-user will be pointless at this point).
- Move all SSL requests to the new SSL self-serve site and allow one click to do everything.