roles/certbot: Ensure certbot is configured first

The `Alias` configuration for Certbot needs to be configured before any
other locations, to ensure the `/.well-known` path is always served from
the local filesystem.  If another drop-in configuration file (e.g.
`bitwarden.conf`) is ordered before it, it may override this
configuration and prevent Let's Encrypt from working.

roles/certbot/tasks/main.yml

@@ -55,9 +55,14 @@
 - name: ensure apache is configured for certbot
   copy:
     src=certbot.httpd.conf
-    dest=/etc/httpd/conf.d/certbot.conf
+    dest=/etc/httpd/conf.d/01_certbot.conf
     mode=0644
   notify: reload httpd
+- name: ensure old certbot apache config file is removed
+  file:
+    path=/etc/httpd/conf.d/certbot.conf
+    state=absent
+  notify: reload httpd
 - meta: flush_handlers
 
 - name: ensure letsencrypt account data are installed