Long planned. Here's a task.
Stage 1:
[ ] Update certbot cli to check rDNS is correct and either CNAME or NS record is present. Add argument to skip this.
[ ] Update check_reverse_dns to check records present too.
Stage 2:
[ ] Create a web form to automate creating #ssl tasks + checking validity - refuse to create if invalid.
Stage 3:
[ ] create a new wrapper for generating new ssl certs, pushing public keys to GitHub & moving private keys to puppet3 and update managewiki. (puppet-user will be pointless at this point).
Stage 4:
[ ] Move all #ssl requests to the new ssl self serve site and allow one click to do everything.