Aliyun 证书上传
添加脚本 ssl_update_aliyun_cdn.sh
#!/usr/bin/env python3
import os
import sys
import subprocess
import json
import time
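# Directory that holds server.crt / server.key, and the file that remembers the
# CertId uploaded by the previous run.
CRT_PATH = "./"
CERT_ID_FILE = "./cert_id.txt"
# Read the AccessKey pair from the environment when it is set, so a live
# credential never has to be written into this file (and from there into
# backups, shell history or a repository). The literals are the placeholder
# values from the original script, kept as fallbacks so existing setups that
# edit this file keep working.
# NOTE(review): prefer a RAM user whose policy is limited to the CAS and CDN
# actions this script calls, rather than a main-account AccessKey.
Ali_Key = os.environ.get("ALIBABA_CLOUD_ACCESS_KEY_ID", "LTAI----")
Ali_Secret = os.environ.get("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "Secret")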
def install_sdk():
    """Install aliyun-python-sdk-core with pip for the running interpreter.

    Raises subprocess.CalledProcessError when pip exits with a non-zero status.

    NOTE(review): the package is installed unpinned and without hash checking,
    at run time, by a script that handles a TLS private key and cloud
    credentials. Installing a reviewed, pinned version ahead of time is the
    safer deployment.
    """
    print("正在安装阿里云SDK...")
    pip_command = [sys.executable, "-m", "pip", "install", "aliyun-python-sdk-core", "-q"]
    subprocess.check_call(pip_command)
# Import the SDK core; when it is missing, install it once and import again.
# A second ImportError after the install propagates to the caller.
try:
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkcore.request import CommonRequest
except ImportError:
    # First import failed: fetch the package, then retry the same imports.
    install_sdk()
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkcore.request import CommonRequest
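def delete_cert(client, cert_id):
    """Delete a certificate from CAS by its CertId.

    Args:
        client: AcsClient used to send the request.
        cert_id: identifier of the certificate to delete.

    Returns:
        True when the response carries a RequestId and no error code,
        False otherwise (including an empty response).
    """
    print(f"正在删除旧证书, CertId: {cert_id}...")
    request = CommonRequest(domain='cas.aliyuncs.com', version='2020-04-07', action_name='DeleteUserCertificate')
    # The SDK core defaults to plain HTTP unless the protocol is set, so ask
    # for TLS explicitly.
    request.set_protocol_type('https')
    request.add_query_param('CertId', cert_id)
    response = client.do_action(request)
    response_str = response.decode('utf-8') if response else ''

    # Alibaba Cloud error bodies also contain a RequestId (next to Code and
    # Message), so a RequestId alone does not prove the call succeeded.
    has_request_id = '<RequestId>' in response_str or '"RequestId"' in response_str
    has_error_code = '<Code>' in response_str or '"Code"' in response_str
    if has_request_id and not has_error_code:
        print("旧证书删除成功")
        return True

    print(f"删除旧证书失败: {response_str}")
    return False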
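def update_aliyun_cdn(aliyun_cdn_domain="cdn-static.xdywlkj.com"):
    """Upload server.crt/server.key to CAS and bind the certificate to a CDN domain.

    Steps: delete the certificate recorded in CERT_ID_FILE (if any), upload the
    new pair under a timestamped name, store the returned CertId in
    CERT_ID_FILE, then call SetCdnDomainSSLCertificate for the domain.
    Exits the process with status 1 when the upload or the CDN call fails.

    Args:
        aliyun_cdn_domain: CDN domain whose certificate is replaced.
    """
    print(f"开始设置阿里云CDN SSL证书... 域名为: {aliyun_cdn_domain}")
    client = AcsClient(Ali_Key, Ali_Secret, 'cn-hangzhou')

    old_cert_id = ""
    if os.path.exists(CERT_ID_FILE):
        with open(CERT_ID_FILE, "r") as f:
            old_cert_id = f.read().strip()
    if old_cert_id:
        print(f"发现旧证书ID: {old_cert_id},将先删除旧证书")
        # Best effort: the result is not checked, as in the original flow.
        # NOTE(review): the old certificate is removed before its replacement
        # is uploaded and bound; consider deleting it only after the CDN call
        # below has succeeded.
        delete_cert(client, old_cert_id)

    with open(os.path.join(CRT_PATH, "server.crt"), "r") as f:
        ssl_pub_content = f.read()
    with open(os.path.join(CRT_PATH, "server.key"), "r") as f:
        ssl_pri_content = f.read()

    print("正在上传证书到CAS服务...")
    cert_name = f'cdn-cert-{int(time.time())}'
    request = CommonRequest(domain='cas.aliyuncs.com', version='2020-04-07', action_name='UploadUserCertificate')
    # This request carries the private key. The SDK core defaults to plain
    # HTTP unless the protocol is set, so require TLS explicitly.
    request.set_protocol_type('https')
    request.add_query_param('Name', cert_name)
    request.add_query_param('Cert', ssl_pub_content)
    # NOTE(review): as a query parameter the key is still part of the request
    # URL; sending it as a POST body parameter would keep it out of URL logs
    # - TODO confirm the API accepts that form.
    request.add_query_param('Key', ssl_pri_content)
    response = client.do_action(request)
    if response is None:
        print("上传证书到CAS失败")
        sys.exit(1)
    try:
        result = json.loads(response.decode('utf-8'))
    except ValueError:
        # A non-JSON body is a failed upload, not a reason for a traceback.
        result = {}
    new_cert_id = result.get('CertId', '') if isinstance(result, dict) else ''
    if not new_cert_id:
        print("上传证书到CAS失败")
        sys.exit(1)
    print(f"证书上传成功,CertId: {new_cert_id}")

    with open(CERT_ID_FILE, "w") as f:
        f.write(str(new_cert_id))
    print(f"证书ID已保存到: {CERT_ID_FILE}")

    print("正在配置CDN域名证书...")
    cert_request = CommonRequest(domain='cdn.aliyuncs.com', version='2018-05-10', action_name='SetCdnDomainSSLCertificate')
    cert_request.set_protocol_type('https')
    cert_request.set_method('POST')
    cert_request.add_query_param('DomainName', aliyun_cdn_domain)
    cert_request.add_query_param('CertId', str(new_cert_id))
    cert_request.add_query_param('CertType', 'cas')
    cert_request.add_query_param('SSLProtocol', 'on')
    response = client.do_action(cert_request)
    if response is None:
        print("配置CDN域名证书失败")
        sys.exit(1)
    response_str = response.decode('utf-8')

    # Accept the JSON form of RequestId as well as the XML one (the upload
    # above already parses JSON), and reject bodies that carry an error Code:
    # Alibaba Cloud error responses include a RequestId too.
    has_request_id = '<RequestId>' in response_str or '"RequestId"' in response_str
    has_error_code = '<Code>' in response_str or '"Code"' in response_str
    if has_request_id and not has_error_code:
        print("SSL证书更新完成!")
    else:
        print(f"配置CDN域名证书失败: {response_str}")
        sys.exit(1)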
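if __name__ == "__main__":
    # The usage line on the page passes the CDN domain as the first argument.
    # Honour it, so the certificate is not silently bound to the built-in
    # default domain instead of the one the operator named.
    if len(sys.argv) > 1:
        update_aliyun_cdn(sys.argv[1])
    else:
        update_aliyun_cdn()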
使用脚本
./ssl_update_aliyun_cdn.sh cdn.lsmir2.com
1panel 证书脚本 更新南墙,更新阿里云 CDN
# Rename the issued files to the names the WAF and the CDN script read.
sudo mv -f fullchain.pem server.crt
sudo mv -f privkey.pem server.key

# uuWAF (南墙) data directory.
waf_dir=/opt/docker/uuwaf/data
sudo cp -f server.crt "$waf_dir"
# NOTE(review): check that the copied private key is not readable by other
# local users; cp keeps no stricter mode than the source file has.
sudo cp -f server.key "$waf_dir"

# Push the certificate into the uuWAF database (the author's own helper).
# NOTE(review): the database DSN, password included, is passed on the command
# line, where it shows up in the process list and possibly in shell history,
# and it uses the root account. A dedicated low-privilege database user whose
# password is read from a protected file or the environment is safer.
"$waf_dir/updateWafssl" "server.crt" "server.key" "root:password@127.0.0.1:3306/uuwaf"

# Restart the container.
docker restart 1panel-uuwaf

# Update the CDN certificate (the command follows this block).
./update_aliyun_cdn.sh cdn.wcwlkej.cn
oss 配置内网
# Set the region of the aliyun CLI profile to the value the author labels as
# the internal network (intranet).
# NOTE(review): confirm this is a valid region value for the CLI rather than an endpoint suffix.
aliyun configure set --region cn-heyuan-internal #intranet
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 lsmir2