Separate TLS/Let's Encrypt from the rest of the setup/bootstrap process

[eallrich]

scripts/setup currently handles the initial Nginx config, obtaining TLS certificates, updating Nginx to a secure config, and then proceeding with the rest of the setup. In my testing this particular combination is brittle and, although it works, I think there's a better way to arrange these tasks.

Perhaps create a scripts/prep_production script which can handle:

• obtaining TLS certificates from Let's Encrypt
• updating Nginx to a secure config
• adding a cert renewal task to cron
• configuring backups

This would enable a typical deploy to achieve full operability easily (i.e. the way scripts/setup was before implementing #10) and then the few remaining production-preparation activities can take place afterwards. The follow-on script could be manually invoked by the user, it could be executed automatically once the primary initialization completes, or it could be tied to an argument the user gives scripts/setup.