Fixing Let's Encrypt tls-sni-01 destruction
Let's Encrypt disabled tls-sni-01 certificate request verification in January 2018. This broke LE for anyone without port 80 or programmable DNS. The only option now seems to be tls-alpn-01, which is only reasonably supported by the dehydrated.io LE client (from git, not yet released as of 11/2018).
You still have to write your own alpn-responder.py, but there's a workable sample on the net.
You have to provide some kind of self-signed cert for it in lieu of the Ubuntu/Debian snakeoil key/cert pairs that seem to exist.
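What such a responder has to do, as an added example (not the author's alpn-responder.py and not the sample mentioned above): advertise only the `acme-tls/1` ALPN protocol, pick the per-domain challenge certificate from the SNI name after validating it, and otherwise present a self-signed fallback. The directory, the `<domain>.crt.pem` / `<domain>.key.pem` naming and the fallback paths are assumptions; adjust them to your client's configuration.

```python
import os
import re
import socketserver
import ssl

# Assumed paths: the ACME client's challenge-cert dir and your own self-signed fallback pair.
ALPN_DIR = "/etc/dehydrated/alpn-certs"
FALLBACK = ("/etc/ssl/alpn-fallback.crt.pem", "/etc/ssl/alpn-fallback.key.pem")
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\Z")

def valid_hostname(name):
    """SNI is client-controlled: accept only plain multi-label DNS names."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def challenge_files(sni_name, alpn_dir=ALPN_DIR):
    """Return (certfile, keyfile) for a valid name whose files exist, else None."""
    name = (sni_name or "").lower()
    if not valid_hostname(name):
        return None
    pair = tuple(os.path.join(alpn_dir, name + ext) for ext in (".crt.pem", ".key.pem"))
    return pair if all(os.path.isfile(p) for p in pair) else None

def make_context(certfile, keyfile, sni_callback=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_alpn_protocols(["acme-tls/1"])  # the only protocol this port should speak
    ctx.load_cert_chain(certfile, keyfile)
    ctx.sni_callback = sni_callback
    return ctx

def pick_certificate(sslsock, sni_name, _ctx):
    """SNI callback: swap in the challenge cert, otherwise keep the fallback."""
    pair = challenge_files(sni_name)
    if pair:
        sslsock.context = make_context(*pair)

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        try:  # validation only needs the handshake, so close right after it
            self.server.tls.wrap_socket(self.request, server_side=True).close()
        except (ssl.SSLError, OSError):
            pass  # scanners and plain-HTTP clients fail the handshake

if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    server = socketserver.ThreadingTCPServer(("", 443), Handler)
    server.tls = make_context(*FALLBACK, sni_callback=pick_certificate)
    server.serve_forever()
```

The name check matters because the SNI value ends up in a filesystem path: anything that is not a plain hostname never reaches `os.path.join`, and the client simply gets the fallback certificate.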
With dehydrated configured and my alpn-responder wrapped in an OpenRC init script, I was able to rewrite the Ansible playbook without much trouble. The hard part was adapting it to distribute the cert to Hass.io locally on the RPi.