1) The above is accurate for us. 2) No, having Terraform and Ansible support to manage certificates would be a better option in my opinion. If you integrate Lets Encrypt directly on the OS then that fixes cert management for LE users but not users of other CAs. If you had modules for Terraform and Ansible, that would cover all users and not just LE users. Or support LE natively but also have cert management modules. 3/4) No, we have a working solution. EDIT: If you do integrate LE directly, please support all validation methods and don't limit it to just one.
... View more