>> Ben Sturmfels:

“>that I might only run now and again.”

Fair enough. In salt, you would put your host-specific states in top.sls. Then you can just run salt '*' state.highstate when you need to redeploy/update/whatever and forget about running any certbot-related commands, states or playbooks directly ever again. :)