main.py主要是刷新SSL
sshClient主要是ssh连接去上传验证文件
特别注意使用本脚本需要将ip地址指向服务器
可以点个Star吗谢谢
- clone代码
git clone https://github.com/WhiteEnzuo/TencentSSLScript.git或者
git clone [email protected]:WhiteEnzuo/TencentSSLScript.git2.安装依赖包
pip install tencentcloud-sdk-python-common tencentcloud-sdk-python-ssl #腾讯云ssl包
pip install paramiko #ssh链接3.更新config文件
如果采用本地文件验证的方式,则可以采用下面这个Config配置
NGINX_VERIFICATION_FILE_CONTEXT_WWW = """
server {
listen 80;
server_name {domain};
location /.well-known/pki-validation/ {
root 文件路径;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.{domain};
location /.well-known/pki-validation/ {
root 文件路径;
index index.html index.htm;
}
}
"""
NGINX_VERIFICATION_FILE_CONTEXT = """
server {
listen 80;
server_name {domain};
location /.well-known/pki-validation/ {
root 文件路径;
index index.html index.htm;
}
}
"""如果采用反向代理的则可以这样配置
NGINX_VERIFICATION_FILE_CONTEXT_WWW = """
server {
listen 80;
server_name {domain};
location /.well-known/pki-validation/ {
proxy_pass 远程地址;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.{domain};
location /.well-known/pki-validation/ {
proxy_pass 远程地址;
index index.html index.htm;
}
}
"""
NGINX_VERIFICATION_FILE_CONTEXT = """
server {
listen 80;
server_name {domain};
location /.well-known/pki-validation/ {
proxy_pass 远程地址;
index index.html index.htm;
}
}
"""
4.配置好相关的config后,在main按需加载,可以使用makeSSLDomain先将域名的证书熟到账号下,然后再用runScript对账号下所有域名进行检查并更新
makeSSLDomain("www.baidu.com",client) #刷域名的代码
runScript() #后期再用,等域名都进入账号中。5.定时任务,可以使用linux的crontab,配置如下
0 0 * * * python3 /root/TencentSSLScript/main.py也可以使用python的定时任务
from apscheduler.schedulers.blocking import BlockingScheduler
scheduler = BlockingScheduler()
scheduler.add_job(runScript, 'cron', hour=0, minute=0)
scheduler.start()