Long planned. Here's a task.
Stage 1:
[ ] Update certbot cli to check rDNS is correct and either CNAME or NS record is present. Add argument to skip this.
[x] Update check_reverse_dns to check records present too.
[x] Move SSL generation from mwtask111 to puppet111
[x] Automate copying private keys
[ ] Automate pushing certificates from puppet111 to GitHub
Stage 2:
[ ] Update certbot cli to check rDNS is correct and either CNAME or NS record is present. Add argument to skip this.
Stage 3:
[ ] Create a web form to automate creating #ssl tasks + checking validity - refuse to create if invalid.
Stage 4:
[ ] Create a new wrapper for generating new SSL certs, including updating ManageWiki (puppet-user will be pointless at this point).
Stage 5:
[ ] Move all #ssl requests to the new SSL self-serve site and allow one click to do everything.