- set primary/certbot domains and role - remove legacy xcontrol web playbook - update nginx bootstrap health endpoint and certbot challenge - refine docker healthcheck timing and endpoint