From 70949ff0e2751c88fbba0be15fb492b88b81b895 Mon Sep 17 00:00:00 2001
From: Deimos <deimos@tildes.net>
Date: Wed, 21 Oct 2020 16:01:48 -0600
Subject: [PATCH] Add invoke task to renew TLS certificate

---
 tildes/tasks.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tildes/tasks.py b/tildes/tasks.py
index b6e6813..8b90925 100644
--- a/tildes/tasks.py
+++ b/tildes/tasks.py
@@ -6,6 +6,7 @@
 from pathlib import Path
 
 from invoke import task
+from invoke.exceptions import Exit
 
 
 def output(string):
@@ -36,6 +37,39 @@ def check_code_style(context, full=False):
         context.run("prospector -M")
 
 
+@task
+def reload_web_server(context):
+    """Reload the web server, in order to apply config updates."""
+    context.run("sudo systemctl reload nginx.service")
+
+
+@task(
+    help={
+        "domain": "Domain to obtain a cert for (can be specified multiple times)",
+    },
+    iterable=["domain"],
+    post=[reload_web_server],
+)
+def renew_tls_certificate(context, domain, wildcard=True):
+    """Renew the TLS certificate for the specified domain(s)."""
+    if not domain:
+        raise Exit("No domains specified")
+
+    domains = []
+    for dom in domain:
+        domains.append(dom)
+        if wildcard:
+            domains.append(f"*.{dom}")
+
+    domain_args = " ".join([f"-d {dom}" for dom in domains])
+
+    context.run(
+        f"sudo certbot certonly --manual {domain_args} "
+        "--preferred-challenges dns-01 "
+        "--server https://acme-v02.api.letsencrypt.org/directory"
+    )
+
+
 @task(
     help={
         "full": "Include all tests",