Changes

The QB is designed to use '''HTTPS everywhere''' (not [https://www.eff.org/https-everywhere the extension], but rather the concept). With that in mind, we're provisioning TLS Certificates using the [https://certbot.eff.org/ Certbot] client of the [https://letsencrypt.org/ letsencrypt] project. There is an 'extras' module for letsencrypt https://docs.ansible.com/ansible/letsencrypt_module.html Although we can automate certificates on a live server (one that has an A record in DNS), we need a manual step to prove ownership of any server that is not public. The manual step is to create a TXT record in the public DNS for the domain in question.<ref>https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-7.4</ref>

{{AI}} Finish the implementation of not just installation of the Certbot, but also the ability to create and verify private hosts