Automate SSL certificate renewal for status.gitlab.com

Details

• Point of contact for this request: @astarovoytov
• If a call is needed, what is the proposed date and time of the call: Date and Time
• Additional call details (format, type of call): additional details

SRE Support Needed

status.gitlab.com portal SSL certificate requires manual steps to refresh/upload new custom certificate. The details are in the Runbook docs. Due to the manual nature of the process we had incidents where the certificate expired (here and here)

This issue is to identify and implement a way to automate the renewal process.

At the moment of this issue creation, status.io did not have any API to manage custom TLS/SSL certificats. One of the ideas by @gsgl was to switch to the subdomain option so it becomes https://gitlab.status.io and we use Cloudflare to proxy traffic from status.gitlab.com to gitlab.status.io, but maybe there are other options available.