Deploy certs for wiki.ccchh.net using certbot role

Also clean up NGINX configurations.

playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf

@@ -6,7 +6,7 @@ map $host $upstream_acme_challenge_host {
     thinkcccore1.ccchh.net 10.31.242.4;
     thinkcccore2.ccchh.net 10.31.242.5;
     thinkcccore3.ccchh.net 10.31.242.6;
-    wiki.ccchh.net 10.31.206.13;
+    wiki.ccchh.net 10.31.206.13:31820;
     zigbee2mqtt.ccchh.net 10.31.208.25:31820;
     id.ccchh.net 10.31.206.12:31820;
     keycloak-admin.ccchh.net 10.31.206.12:31820;

playbooks/files/configs/wiki/nginx/http_handler.conf

@@ -1,14 +0,0 @@
-server {
-    listen 80 default_server;
-    #listen [::]:80 default_server;
-    server_name _;
-
-    location /.well-known/acme-challenge/ {
-        autoindex on;
-        root /webroot-for-acme-challenge;
-    }
-
-    location / {
-        return 301 https://$host$request_uri;
-    }
-}

playbooks/files/configs/wiki/nginx/wiki.ccchh.net.conf

@@ -14,10 +14,10 @@ server {
 
     server_name wiki.ccchh.net;
 
-    ssl_certificate /etc/ansible_certs/certs/wiki.ccchh.net/fullchain.pem;
-    ssl_certificate_key /etc/ansible_certs/certs/wiki.ccchh.net/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/wiki.ccchh.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/wiki.ccchh.net/privkey.pem;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
-    ssl_trusted_certificate /etc/ansible_certs/certs/wiki.ccchh.net/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/wiki.ccchh.net/chain.pem;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;