使用acme.sh续期ssl证书,并自动更新web应用防火墙
2024-09-17 22:09:03
curl https://get.acme.sh | sh
source ~/.bashrc
acme.sh --set-default-ca --server letsencrypt
acme.sh --issue -d www.aaa.com -w /usr/share/nginx/www/
安装:
acme.sh --install-cert -d www.aaa.com --key-file /etc/aaa/nginx/aaa.key --fullchain-file /etc/aaa/nginx/aaa.pem --reloadcmd "service nginx force-reload;/www/sync_aliyun_www.aaa.com.sh"
同步web应用防火墙:
aliyun waf-openapi CreateCertificate --region cn-aaa --RegionId 'cn-aaa' --Domain 'www.aaa.com' --Certificate="$(python -c 'with open("/etc/aaa/nginx/aaa.pem", "r") as file: content = file.read().strip(); print(content.split("-----END CERTIFICATE-----")[0] + "-----END CERTIFICATE-----")')" --PrivateKey="$(python -c 'with open("/etc/aaa/nginx/aaa.key", "r") as file: content = file.read().strip(); print(content)')" --CertificateName "$(python -c 'import datetime;import random;print(datetime.datetime.now().strftime("%y%m%d")+str(random.randint(100, 999)))')" --InstanceId 'waf-cn-11111aaaa'
source ~/.bashrc
acme.sh --set-default-ca --server letsencrypt
acme.sh --issue -d www.aaa.com -w /usr/share/nginx/www/
安装:
acme.sh --install-cert -d www.aaa.com --key-file /etc/aaa/nginx/aaa.key --fullchain-file /etc/aaa/nginx/aaa.pem --reloadcmd "service nginx force-reload;/www/sync_aliyun_www.aaa.com.sh"
同步web应用防火墙:
aliyun waf-openapi CreateCertificate --region cn-aaa --RegionId 'cn-aaa' --Domain 'www.aaa.com' --Certificate="$(python -c 'with open("/etc/aaa/nginx/aaa.pem", "r") as file: content = file.read().strip(); print(content.split("-----END CERTIFICATE-----")[0] + "-----END CERTIFICATE-----")')" --PrivateKey="$(python -c 'with open("/etc/aaa/nginx/aaa.key", "r") as file: content = file.read().strip(); print(content)')" --CertificateName "$(python -c 'import datetime;import random;print(datetime.datetime.now().strftime("%y%m%d")+str(random.randint(100, 999)))')" --InstanceId 'waf-cn-11111aaaa'