SSL on Kodi.

Both host01 and kodi are behind the ns1 router. For completely secure
connections, SSL termination should be done on each host. So use HAProxy
on ns1 to route HTTPS traffic using the SNI extension and HTTP traffic
using the Host header (default to host01). Add tasks to the renew-hosts
playbook to issue (or renew) Let's Encrypt certificates on kodi.