Thanks for the thanks. It does take a lot of work.
Sounds good. Rebuilding seems to be the most efficient option at this point, assuming your staging server can afford the downtime.
Off the top of my head, the only reason I can think of for why letsencrypt role would skip is if these two conditions were not met:
- SSL must be
enabled: true - SSL must be
provider: letsencrypt
No effect that I can think of.
You are correct. You should not need to pre-create any user at all, assuming your VPS provider gives you at least one user with SSH access. This is commonly root (e.g., DO) or ubuntu (AWS). See this thread for discussion of the situation when the VPS provider does not make available an SSH user at VPS creation time.