Use cert role to deploy a valid certificate for zigbee2mqtt.ccchh.net

playbooks/files/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf

@@ -2,10 +2,14 @@ server {
     listen      443 ssl http2;
     listen      [::]:443 ssl http2;
 
-    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
-	ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+    server_name zigbee2mqtt.ccchh.net;
 
-    server_name zigbee2mqtt.z9;
+    ssl_certificate /etc/ansible_certs/certs/zigbee2mqtt.ccchh.net/fullchain.pem;
+    ssl_certificate_key /etc/ansible_certs/certs/zigbee2mqtt.ccchh.net/privkey.pem;
+    # verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ssl_trusted_certificate /etc/ansible_certs/certs/zigbee2mqtt.ccchh.net/chain.pem;
+
+    add_header Strict-Transport-Security "max-age=63072000" always;
 
     location / {
         proxy_pass http://localhost:8080/;
@@ -15,9 +19,8 @@ server {
     }
 
     location /api {
-        proxy_pass         http://localhost:8080/api;
+        proxy_pass http://localhost:8080/api;
         proxy_set_header Host $host;
-
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";