Fix firewall rules for certificate renewal.

Tom Alexander
2026-05-30 17:02:01 -04:00
parent a8822d0bfb
commit 00806d4963


@@ -64,3 +64,5 @@ pass in on $ext_if proto udp to (wlan0) port $udp_pass_in
pass in on restricted_nat proto {udp, tcp} from 10.215.2.2 to any port { 53 51820 } tag NATOUT
# bastion -> cloak
pass in on jail_nat proto {udp, tcp} from 10.215.1.217 to 10.215.2.2 port 8081 tag NATRESTRICTED
# Allow outgoing connections from certificate
pass in on jail_nat proto {udp, tcp} from 10.215.1.220 to any port { 53 80 443 } tag NATOUT
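Review bot: The rule for 10.215.1.220 on the last line (presumably one of the two added lines) crosses `{udp, tcp}` with `{ 53 80 443 }`, so it also passes UDP to ports 80 and 443, which a certificate renewal client is unlikely to need unless it speaks HTTP/3. Splitting it keeps the grant to what renewal uses: `pass in on jail_nat proto {udp, tcp} from 10.215.1.220 to any port 53 tag NATOUT` and `pass in on jail_nat proto tcp from 10.215.1.220 to any port { 80 443 } tag NATOUT`. The destination is `any`, so whether this jail can also reach internal 10.215.x.x hosts on those ports depends on how NATOUT-tagged traffic is filtered outside this hunk, which is worth confirming. The comment could follow the `# bastion -> cloak` form above it and state the purpose, e.g. `# certificate -> internet (DNS, HTTP/HTTPS for renewal)`.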