roles/nginx: Rework Let's Encrypt stuff

Take an opinionated stance on HTTPS and assume that hosts are using
HTTPS for all vhosts. This can either be via custom TLS cert/key
pairs defined in the host's variables (could even be self-signed
certificates on dev boxes) or via Let's Encrypt.

roles/nginx/defaults/main.yml

@@ -19,6 +19,9 @@ nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
 # Directory root for Let's Encrypt certs
 letsencrypt_root: /etc/letsencrypt/live
 
+# Location of Let's Encrypt's certbot script
+letsencrypt_certbot_dest: /opt/certbot-auto
+
 # stable is 1.10.x
 # mainline is 1.11.x
 nginx_version: mainline