Python 自动申请 SSL 证书

'''
项目地址： https://github.com/kshcherban/acme-nginx
安装: pip3 install acme-nginx
DNS API 支持: DigitalOcean DNS、Cloudflare和 AWS Route53。

sudo acme-nginx \
    -k /path/to/account.key \
    --domain-private-key /path/to/domain.key \
    --virtual-host /etc/nginx/sites-enabled/customvhost \
    -o /path/to/signed_certificate.pem \
    -d example.com -d www.example.com
详细信息：参考项目
'''

import os
import subprocess


ACCOUNT_KEY = "/path/account.key"           # 申请证书之前的私钥，可选，不重要

VIRTUAL_CONF = "/path/domain.conf"          # 申请配置文件，申请下来会清空文件，可选，不重要
DOMAINS = ['1.com']                         # 申请证书的域名
CERT_KEY = "/path/to/domain_key.pem"        # 申请证书下来的 key
CERT_CERT = "/paht/to/domain_cert.pem"      # 申请证书下来的 cert



def ApplySSL(**kwargs):

    domainConf = kwargs['VIRTUAL_CONF']
    accountKey = kwargs['ACCOUNT_KEY']
    certKey = kwargs['certKey']
    certCert = kwargs['CERT_CERT']
    domainString = kwargs['DOMAINS']


    ACME_NGINX_CMD = "acme-nginx \
             --virtual-host {domainConf} \
             -k {accountKey} \
             --domain-private-key {certKey} \
             -o {certCert} \
             -d {domainString} \
             --no-reload-nginx \
           "


    cmd = ACME_NGINX_CMD.format(domainConf=domainConf, accountKey=accountKey, certKey=certKey, certCert=certCert, domainString=domainString)
    status, output = commands.getstatusoutput(cmd)


    if int(status) != 0 or not os.path.exists(certKey) or not os.path.exists(certCert):
        return False
    return True


kwargs = {
    'ACCOUNT_KEY': ACCOUNT_KEY, 
    'VIRTUAL_CONF': VIRTUAL_CONF, 
    'DOMAINS': " -d ".join(DOMAINS), 
    'CERT_KEY': CERT_KEY,
    'CERT_CERT': CERT_CERT
}


ApplySSL(**kwargs)