puppet: Only fix certbot certificates if https is enabled.

This is a reprise of c97162e485, but for the case where certbot
certs are no longer in use by way of enabling `http_only` and letting
another server handle TLS termination.

Fixes: #22034.

puppet/zulip/manifests/profile/app_frontend.pp

@@ -60,6 +60,7 @@ class zulip::profile::app_frontend {
     source  => 'puppet:///modules/zulip/letsencrypt/nginx-deploy-hook.sh',
     require => Package[certbot],
   }
+  if ! $nginx_http_only {
       exec { 'fix-standalone-certbot':
         onlyif  => @(EOT),
           test -L /etc/ssl/certs/zulip.combined-chain.crt &&
@@ -69,6 +70,7 @@ class zulip::profile::app_frontend {
           | EOT
         command => "${::zulip_scripts_path}/lib/fix-standalone-certbot",
       }
+  }
 
   # Restart the server regularly to avoid potential memory leak problems.
   file { '/etc/cron.d/restart-zulip':