Add a option to bypass certgetter01 intercept

This permit to move, let's say,  blog to a provider
that do support LE natively, but without needing to
transfer the certificate or anything.

Just set "enable_certgetter: false", run the playbook,
do the http01 negociation, and then switch DNS.

roles/httpd/website/defaults/main.yml

@@ -11,3 +11,6 @@ sslonly: false
 SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
 gzip: false
 stssubdomains: true
+# set to true to enable the proxy to redirect the http01 challenge
+# to certgetter, set to false to disable (for migration)
+enable_certgetter: true

roles/httpd/website/templates/website.conf

@@ -12,7 +12,9 @@
   SetOutputFilter DEFLATE
 {% endif %}
 
+{% if enable_certgetter %}
   ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
+{% endif %}
 
 {% if site_name == "fedoraproject.org" %}
   Include "conf.d/fedoraproject.org/expires.conf"