Setup Wildcard SSL

bench/commands/setup.py

@@ -128,6 +128,15 @@ def setup_letsencrypt(site, custom_domain, non_interactive):
 	setup_letsencrypt(site, custom_domain, bench_path='.', interactive=not non_interactive)
 
 
+@click.command('wildcard-ssl')
+@click.argument('domain')
+@click.option('--email')
+def setup_wildcard_ssl(domain, email):
+	''' Setup wildcard ssl certificate '''
+	from bench.config.lets_encrypt import setup_wildcard_ssl
+	setup_wildcard_ssl(domain, email, bench_path='.')
+
+
 @click.command('procfile')
 def setup_procfile():
 	"Setup Procfile for bench start"

bench/config/lets_encrypt.py

@@ -1,5 +1,5 @@
 import bench, os, click, errno
-from bench.utils import exec_cmd, CommandFailedError
+from bench.utils import exec_cmd, CommandFailedError, update_common_site_config
 from bench.config.site_config import update_site_config, remove_domain, get_domains
 from bench.config.nginx import make_nginx_conf
 from bench.config.production_setup import service
@@ -116,3 +116,34 @@ def renew_certs():
 	service('nginx', 'stop')
 	exec_cmd("{path} renew".format(path=get_certbot_path()))
 	service('nginx', 'start')
+
+
+def setup_wildcard_ssl(domain, email, bench_path):
+	get_certbot()
+
+	email_param = ''
+	if email:
+		email_param = '--email {0}'.format(email)
+
+	try:
+		exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
+			 --server https://acme-v02.api.letsencrypt.org/directory \
+			 --agree-tos -d {domain}".format(path=get_certbot_path(), domain=domain,
+			 email_param=email_param))
+
+	except CommandFailedError:
+		print("There was a problem trying to setup SSL")
+		return
+
+	ssl_path = "/etc/letsencrypt/live/{domain}/".format(site=domain)
+	ssl_config = {
+		"wildcard": {
+			"domain": domain,
+			"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
+			"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem") 
+		}
+	}
+
+	update_common_site_config(ssl_config)
+	make_nginx_conf(bench_path)
+	service('nginx', 'restart')