通过脚本设置阿里云 CDN 的证书

set-alicdn-ssl-cert.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""
通过脚本设置阿里云 CDN 的证书

https://help.aliyun.com/document_detail/45014.html

$ pip install aliyun-python-sdk-cdn click

可以扔到 crontab 里面跑。
"""

from os import path
from datetime import datetime

from aliyunsdkcore.client import AcsClient
from aliyunsdkcdn.request.v20141111.SetDomainServerCertificateRequest import (
    SetDomainServerCertificateRequest
)
import click


@click.command()
@click.argument('domain')
@click.argument('appkey')
@click.argument('secret')
@click.option('--dehydrated_dir', default='/etc/dehydrated',
              help='Full path where dehydrated store cert files.')
def set_ssl_cert(domain, appkey, secret, dehydrated_dir):
    req = SetDomainServerCertificateRequest()
    prefix = path.join(dehydrated_dir, 'certs', domain)
    cert_key = '%s@%s' % (domain, datetime.now().strftime('%Y-%m-%d'))
    with open(path.join(prefix, 'fullchain.pem')) as f:
        fullchain = f.read()
    with open(path.join(prefix, 'privkey.pem')) as f:
        privkey = f.read()
    req.set_DomainName(domain)
    req.set_CertName(cert_key)
    req.set_ServerCertificateStatus('on')
    req.set_ServerCertificate(fullchain)
    req.set_PrivateKey(privkey)
    req.set_content_type('json')
    client = AcsClient(appkey, secret)
    resp = client.do_action(req)
    # print(resp)

if __name__ == '__main__':
    set_ssl_cert()