Moving keeps everything in the /matrix directory, so that we
wouldn't contaminate anything else on the system or risk
clashing with something else.
Also retrieving certificates separately for the Riot and Matrix domains,
which should help in multiple ways:
- allows them to be very different (completely separate base domain..)
- allows for Riot to be disabled for the playbook some time later
and still have the code not break
matrix-nginx-proxy will be occupying port 80 soon,
so that we can be more user-friendly and have
http->https forwarding for the Riot hostname.
During the playbook run, acmetool also expects to use
port 80 for domain verification.
During an initial playbook run, this wouldn't cause trouble
because matrix-nginx-proxy is not installed yet.
However, on subsequent playbook runs, it would cause trouble.
This ensures that if matrix-nginx-proxy is available
and running, it would be stopped before running acmetool
and started right after.
