infra/roles/certbot/templates/letsencrypt-new.py.j2

#!/usr/bin/env python3

import subprocess
import sys
import json
import argparse


def parse_args():
    parser = argparse.ArgumentParser()
    parser.add_argument("fqdn", help="domain to request a cert for")
    parser.add_argument("--wildcard", action="store_true", help="wildcard cert")
    parser.add_argument("--www", action="store_true", help="include www.")
    parser.add_argument("--dry-run", action="store_true")
    return parser.parse_args()


def main():
    args = parse_args()
    return certbot_new(args.fqdn, wildcard=args.wildcard, www=args.www, dry_run=args.dry_run)



def certbot_new(fqdn, wildcard, www, dry_run=False):
    dns_file = "dns-provider-domains.json"
    with open(f'/usr/local/etc/letsencrypt/{dns_file}', 'r') as f:
        domains = json.load(f)

    # add a --with-www or something instead of guessing like this
    # and make 'domain' a list 'domains', and append/extend 'certbot_cmd'
    # with a -d for each.

    if wildcard:
        domain = fqdn
    else:
        dotted = fqdn.split('.')
        domain = ".".join(dotted[1:])

    try:
        dns_provider = domains[domain]
    except KeyError:
        print(f"[!] domain '{domain}' not found in '{dns_file}'!")
        sys.exit(2)

    print(f"[ ] dns_provider: '{dns_provider}'")

    certbot_cmd = [
        "/usr/local/bin/certbot",
        "certonly",
        f"--dns-{dns_provider}",
        "--deploy-hook", "/usr/local/bin/letsencrypt-hook.py",
        "-d", fqdn
    ]
    if wildcard:
        certbot_cmd.extend(["-d", f"*.{fqdn}"])
    if www:
        certbot_cmd.extend(["-d", f"www.{fqdn}"])

    print("[>]", end=" ")
    print(" ".join(certbot_cmd))

    if dry_run:
        print("[<] This is a dry run, exiting without running command!")
        return 0
    p = subprocess.run(certbot_cmd, check=True)
    return p.returncode

if __name__ == "__main__":
    sys.exit(main())