How do I make my QualityBox site secure (HTTPS)?

QualityBox is configured to run using HTTPS by default. We use HAProxy as the front-end load balancer (you can run with an unmanaged load balancer if desired). The certificates are provisioned by the EFF’s Let's Encrypt project.

What certs do I have?
sudo certbot certificates

How do I expand a cert to include some sub-domains? (Wildcard certs are not supported.)
Assume you have a certificate for ‘example.org’ and want to expand it to include a few sub-domains:
sudo certbot certonly --cert-name example.org --expand -d wiki.example.org -d example.org -d www.example.org
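
Before expanding, it helps to build the -d list from what the certificate already covers, so that no existing name is left out and no wildcard slips in. The script below is an added example, not part of QualityBox; the function names cert_domains and expand_args are hypothetical and the certbot output in SAMPLE is constructed.

```shell
#!/bin/sh
# Constructed sample of `sudo certbot certificates` output (not from a real host).
SAMPLE='Found the following certs:
  Certificate Name: example.org
    Domains: example.org www.example.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.org/fullchain.pem
  Certificate Name: test.example.org
    Domains: test.example.org
    Certificate Path: /etc/letsencrypt/live/test.example.org/fullchain.pem'

# cert_domains NAME: read certbot output on stdin, print NAME's domains one per line.
cert_domains() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == name { for (i = 2; i <= NF; i++) print $i }'
}

# expand_args NAME NEW...: print the "-d ..." list (existing names first, then
# new ones, de-duplicated) to pass to certbot certonly --cert-name NAME --expand.
expand_args() {
    name=$1; shift
    for d in "$@"; do
        case $d in
            \*.*) echo "wildcard not supported: $d" >&2; return 2 ;;
        esac
    done
    existing=$(cert_domains "$name")
    [ -n "$existing" ] || { echo "no certificate named $name" >&2; return 1; }
    { printf '%s\n' "$existing"; printf '%s\n' "$@"; } |
        awk 'NF && !seen[$0]++ { printf "%s-d %s", sep, $0; sep = " " } END { print "" }'
}

# Demo on the sample; on a host, pipe in `sudo certbot certificates` instead.
printf '%s\n' "$SAMPLE" | expand_args example.org wiki.example.org www.example.org
```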

How do I clean up my old/test certificates?
DOMAIN=example.com
sudo certbot revoke --cert-path "/etc/letsencrypt/live/$DOMAIN/cert.pem"
sudo certbot delete --cert-name "$DOMAIN"

How do I obtain a new certificate?
Either run certbot on the host (do a dry run first):
certbot certonly -d foo.example.org --dry-run
certbot certonly -d foo.example.org

Or run the ansible-certbot role on a control host:
ansible-playbook -i hosts letsencrypt.yml