refactor(webserver): rename roles and update references

- Rename sys-svc-webserver -> sys-svc-webserver-core
- Rename sys-stk-front-pure -> sys-svc-webserver-https
- Update includes, run_once flags, and docs across:
  * sys-ctl-mtn-cert-renew
  * sys-front-inj-*
  * sys-stk-front-proxy
  * sys-svc-certs
  * sys-svc-cln-domains
  * web-opt-rdr-*
  * web-svc-*
- Remove redundant webserver include in web-opt-rdr-www
- Fix documentation links

Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b

roles/sys-svc-webserver-https/README.md

@@ -0,0 +1,54 @@
+# Webserver HTTPS Provisioning 🚀
+
+## Description
+The **sys-svc-webserver-https** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:
+
+1. Ensures your Nginx server is configured for SSL/TLS.
+2. Pulls in Let’s Encrypt ACME challenge handling.
+3. Applies global cleanup of unused domain configs.
+
+This role is built on top of your existing `sys-svc-webserver-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
+
+---
+
+## Overview
+
+When you apply **sys-svc-webserver-https**, it will:
+
+1. **Include** the `sys-svc-webserver-core` role to install and configure Nginx.  
+2. **Clean up** any stale vHost files under `sys-svc-cln-domains`.  
+3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `sys-svc-letsencrypt`.  
+4. **Reload** Nginx automatically when any template changes.
+
+All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.
+
+---
+
+## Features
+
+- 🔒 **Automatic HTTPS Redirect**  
+  Sets up port 80 → 443 redirect and serves `/.well-known/acme-challenge/` for Certbot.
+
+- 🔑 **Let’s Encrypt Integration**  
+  Pulls in challenge configuration and CAA-record management for automatic certificate issuance and renewal.
+
+- 🧹 **Domain Cleanup**  
+  Removes obsolete or orphaned server blocks before enabling HTTPS.
+
+- 🚦 **Handler-Safe**  
+  Triggers an Nginx reload only when necessary, minimizing service interruptions.
+
+---
+
+## License
+
+This role is released under the **Infinito.Nexus NonCommercial License**.
+See [https://s.infinito.nexus/license](https://s.infinito.nexus/license) for details.
+
+---
+
+## Author
+
+Developed and maintained by **Kevin Veen-Birkenbach**
+Consulting & Coaching Solutions
+[https://www.veen.world](https://www.veen.world)

roles/sys-svc-webserver-https/meta/main.yml

@@ -0,0 +1,24 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs."
+  company: |
+    Kevin Veen-Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  min_ansible_version: "2.9"
+  platforms:
+  - name: Archlinux
+    versions:
+    - rolling
+  galaxy_tags:
+  - nginx
+  - https
+  - tls
+  - letsencrypt
+  - security
+  - automation
+  repository: "https://s.infinito.nexus/code"
+  documentation: "https://docs.infinito.nexus"
+  issue_tracker_url: "https://s.infinito.nexus/issues"

roles/sys-svc-webserver-https/tasks/main.yml

@@ -0,0 +1,11 @@
+- block:
+  - name: Include dependencies
+    include_role:
+      name: '{{ item }}'
+    loop:
+    - sys-svc-webserver-core
+    - sys-svc-cln-domains
+    - sys-svc-letsencrypt
+    - sys-svc-dns
+  - include_tasks: utils/run_once.yml
+  when: run_once_sys_svc_webserver_https is not defined