Deploy certs for aes.ccchh.net using certbot role

Also clean up NGINX configuration a bit.

playbooks/files/configs/engelsystem/nginx/aes.ccchh.net.conf

@@ -14,10 +14,10 @@ server {
 
     server_name aes.ccchh.net;
 
-    ssl_certificate /etc/ansible_certs/certs/aes.ccchh.net/fullchain.pem;
-    ssl_certificate_key /etc/ansible_certs/certs/aes.ccchh.net/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/aes.ccchh.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/aes.ccchh.net/privkey.pem;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
-    ssl_trusted_certificate /etc/ansible_certs/certs/aes.ccchh.net/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/aes.ccchh.net/chain.pem;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;

playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf

@@ -11,6 +11,7 @@ map $host $upstream_acme_challenge_host {
     id.ccchh.net 10.31.206.12:31820;
     keycloak-admin.ccchh.net 10.31.206.12:31820;
     esphome.ccchh.net 10.31.208.24:31820;
+    aes.ccchh.net 10.31.206.14:31820;
     default "";
 }