Fix certificate bootstrapping issue by switch to DNS-01 challenge

Our current way of bootstrapping a new service does not really bootstrap an valid SSL certificate when deploying a role. As our nginx configuration does expects a certificate to be there, but it's not there yet and nginx needs to run so this is a classic chicken egg problem.

Hetzner has a DNS API now so we can switch to DNS verification.

https://community.hetzner.com/tutorials/letsencrypt-dns
https://github.com/Estivador/terraform-provider-hdns
https://github.com/ctrlaltcoop/certbot-dns-hetzner
https://github.com/alxrem/terraform-provider-hdns

Cons:

Every machine can now issue a wildcard certificate :/

Edited Jan 10, 2021 by Kristian Klausen

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information