Option to add (sub)domain with Let's Encrypt certificate / Simplify the UI flow #1634

Open
ericgaspar opened this issue Jun 21, 2020 · 4 comments

Comments

@ericgaspar
Member

In the webadmin, when I want to add a new domain with a Let's Encrypt certificate, I have to:

  • add the domain
  • go to the settings of this domain
  • click on "SSL certificate"
  • leave the settings to check the diagnosis (because the button to generate a Let's Encrypt certificate is greyed out and a text asks you to do that)
  • come back to Domains -> your domain -> SSL certificate and install the certificate

This is quite a confusing process in my opinion.

One solution could be to have a checkbox right at the addition of a domain which would give you the option to install a Let's Encrypt certificate for your domain, rather than an auto-signed certificate. It would be easier for beginners and faster for everyone. If the creation of the certificate fails, YunoHost could display a message stating that the domain has been created, but that the Let's Encrypt certificate could not be installed, and directly propose a DNS config to correct the problem.

@alexAubin
Member

In addition, we may add a button or option in the cert install view to enable the --no-checks option, though telling the user that they should be sure that their conf is okay.

@alexAubin
Member

(Related: #1357)

@alexAubin
Member

Thinking again about this, we could in fact have a "smart" behavior when adding a subdomain, such as if there's already a valid * A record on the domain (which we can ~easily check from the diagnosis result without re-running the diagnosis) we could trigger a cert install.

@alexAubin alexAubin changed the title Option to add domain with Let's Encrypt certificate Option to add domain with Let's Encrypt certificate / Simplify the UI flow Nov 20, 2022
@alexAubin alexAubin changed the title Option to add domain with Let's Encrypt certificate / Simplify the UI flow Option to add (sub)domain with Let's Encrypt certificate / Simplify the UI flow Nov 20, 2022
@alexAubin alexAubin added the 🍰 enhancement New feature or request label Nov 20, 2022
@zamentur
Member

zamentur commented Dec 21, 2023

For ReflexLibre setup, I run a script to magically install Let's Encrypt when the DNS records are correctly set up.

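```bash
# For each domain, drop an hourly cron job that installs the Let's Encrypt
# certificate once DNS points at this server, then removes itself.
for domain in $(yunohost domain list --output-as json | jq -r '.domains[]')
do
    # run-parts only executes files named with [A-Za-z0-9_-], so the dots of
    # the domain name must not appear in the cron file name.
    job="/etc/cron.hourly/letsencrypt-${domain//./-}"
    cat <<EOL >"$job"
#!/bin/bash
# First authoritative name server of the main host's parent domain
ns_server=\$(timeout 10 dig +short NS \$(cat /etc/yunohost/current_host | sed 's/^[^\.]*\.//') | head -n1)
[[ -z "\$ns_server" ]] && exit 1

# Public addresses of this server
ipv4="\$(curl https://ip.yunohost.org 2>/dev/null)"
ipv6="\$(curl https://ip6.yunohost.org 2>/dev/null)"
# Addresses published for the domain (answers ending in a dot are CNAME targets)
a="\$(dig A +short $domain @\${ns_server} | grep -v '\.$')"
aaaa="\$(dig AAAA +short $domain @\${ns_server} | grep -v '\.$')"
# Install only when both A and AAAA records match this server
if [[ -n "\$a" ]] && [[ -n "\$aaaa" ]] && [[ "\$ipv4" == "\$a" ]] && [[ "\$ipv6" == "\$aaaa" ]]
then
    yunohost diagnosis run dnsrecords
    yunohost domain cert install --no-checks $domain
    rm -f "$job"
fi
EOL
    chmod a+x "$job"
done
```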

For my use case it's OK; for YunoHost it's like a PoC.

I guess we could have a question during the install process to know if it's relevant to deploy Let's Encrypt by default for all domains.
