{"id":20382878,"url":"https://github.com/zfb132/qcloud-ssl-cdn","last_synced_at":"2026-03-09T19:13:36.247Z","repository":{"id":41976206,"uuid":"317816091","full_name":"zfb132/qcloud-ssl-cdn","owner":"zfb132","description":"使用API实现腾讯云CDN服务自动更换自己申请的Let's Encrypt证书","archived":false,"fork":false,"pushed_at":"2025-03-19T12:58:03.000Z","size":59,"stargazers_count":75,"open_issues_count":1,"forks_count":38,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-29T21:05:28.543Z","etag":null,"topics":["acme","actions","cdn","dns","docker","letsencrypt","qcloud","ssl"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zfb132.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-02T09:45:42.000Z","updated_at":"2025-03-19T12:58:07.000Z","dependencies_parsed_at":"2025-02-19T21:10:57.141Z","dependency_job_id":"260d752e-15b1-4a7b-9502-7e2a95007f0a","html_url":"https://github.com/zfb132/qcloud-ssl-cdn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zfb132%2Fqcloud-ssl-cdn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zfb132%2Fqcloud-ssl-cdn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zfb132%2Fqcloud-ssl-cdn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zfb132%2Fqcloud-ssl-cdn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zfb132","download_url":"https://codeload.github.com/zfb132/qcloud-ssl-cdn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247406088,"owners_count":20933803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","actions","cdn","dns","docker","letsencrypt","qcloud","ssl"],"created_at":"2024-11-15T02:19:26.662Z","updated_at":"2026-03-09T19:13:31.207Z","avatar_url":"https://github.com/zfb132.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## 腾讯云自动SSL证书上传及替换\n功能：  \n* [SSL证书](https://console.cloud.tencent.com/ssl)：把本地的SSL证书上传到腾讯云SSL证书，并记录id\n* [CDN服务](https://console.cloud.tencent.com/cdn)：为CDN服务更换指定id的SSL证书；根据网址，批量预热URL\n* [ECDN服务](https://console.cloud.tencent.com/ecdn)：为ECDN服务更换指定id的SSL证书\n* [EO平台](https://console.cloud.tencent.com/edgeone)：为边缘安全加速平台更换指定id的SSL证书\n* [LIVE平台](https://console.cloud.tencent.com/live)：为云直播平台更换指定id的SSL证书\n\n目的：\n* 把利用[acme.sh](https://github.com/acmesh-official/acme.sh)申请的`Let's Encrypt`证书上传到腾讯云\n* 由于多次申请`TrustAsia`的一年期免费单域名证书失败，所以准备使用`Let's Encrypt`证书\n* 该程序已将每一个步骤都实现：自动上传SSL并替换CDN的证书\n* 为了使网站访问更快，每天预热URL（可以单独抽出该函数，运行在[腾讯云函数](https://github.com/zfb132/auto_push_url)）\n\n\n## 部署方式\n\n### 使用 Docker 快速部署\n\n每月 1 号凌晨 2 点定时执行证书更新\n\n* `ACME_DNS_TYPE`: Acme 的 dns 类型，你可以选择你的 dns 类型并配置[环境变量密钥](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)\n* `ACME_DOMAIN`: 你的顶级域名，例如：whuzfb.cn，自动申请证书 whuzfb.cn/*.whuzfb.cn\n* `SECRETID`: 腾讯云 Secret Id\n* `SECRETKEY`: 腾讯云 Secret Key\n* `CDN_DOMAIN`: CDN 域名，多个域名用逗号分隔\n* `RUN_NOW`: 是否在 Docker 启动时执行程序\n\n```bash\ndocker run -d \\\n  --name qcloud-ssl-cdn \\\n  --restart=unless-stopped \\ \n  -e DP_Id=xxx \\\n  -e DP_Key=xxx \\ \n  -e ACME_DNS_TYPE=dns_dp \\ \n  -e ACME_DOMAIN=whuzfb.cn \\\n  -e SECRETID=xxx \\\n  -e SECRETKEY=xxx \\\n  -e CDN_DOMAIN=www.whuzfb.cn \\\n  -e RUN_NOW=true \\\n  ghcr.io/zfb132/qcloud-ssl-cdn:main\n```\n\n#### 其他变量\n\n* `ACME_ENABLED`: 是否启用 acme，不启用将证书映射到容器`/data/certs`目录\n* `PUSH_URLS`: CDN 刷新/预热地址，逗号分隔\n* `PUSH_URLS_PATH`: CDN 刷新/预热地址文件路径，文件映射到 Docker 容器，**路径不能是`/data/urls.txt`**\n* `UPLOAD_SSL`: 是否上传 SSL 证书,默认为`True`\n* `ENABLE_HTTP2`: 是否启用 HTTP2，默认为`True`\n* `ENABLE_HSTS`: 是否启用 HSTS，默认为`True`\n* `HSTS_TIMEOUT_AGE`: HSTS 最大时间，默认为`31536000`\n* `HSTS_INCLUDE_SUBDOMAIN`: HSTS 包含子域，默认为`True`\n* `ENABLE_OCSP`: 是否启用 OCSP，默认为`True`\n* `DELETE_OLD_CERTS`: 是否删除适用于CDN_DOMAIN域名下的其他所有证书，默认为`True`\n* `UPDATE_SSL`: 是否进行为CDN_DOMAIN更换SSL证书的操作，默认为`True`\n* `PUSH_URLS`: 是否进行预热URL的操作，默认为`True`\n* `PURGE_URL`: 是否进行刷新URL的操作，默认为`True`\n* `UPDATE_LIVE_SSL`: 是否进行为云直播更换SSL证书的操作，默认为`False`\n\n\n\n### 使用 GitHub Action 部署\n\nFork 此项目，配置以下 Github Action Secrets\n\n* `ACME_DNS_TYPE`: Acme 的 dns 类型，你可以选择你的 dns 类型并配置[环境变量密钥](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)\n* `ACME_DOMAIN`: 你的顶级域名，例如：`whuzfb.cn`，自动申请证书 `whuzfb.cn/*.whuzfb.cn`\n* `SECRETID`: 腾讯云 Secret Id\n* `SECRETKEY`: 腾讯云 Secret Key\n* `CDN_DOMAIN`: CDN 域名，多个域名用逗号分隔\n* `BARK_HOST`: [Bark](https://github.com/Finb/Bark) 消息通知 Host\n* `BARK_KEY`: [Bark](https://github.com/Finb/Bark) 消息通知 Key\n\n### 手动部署\n\n#### 使用acme.sh申请证书\n[安装及简单使用](https://blog.whuzfb.cn/blog/2020/07/07/web_https/#3-%E5%AE%89%E8%A3%85acme%E8%87%AA%E5%8A%A8%E7%AD%BE%E5%8F%91%E8%AF%81%E4%B9%A6)  \n对于本程序  \n```bash\n# 腾讯云支持使用单域名和泛域名的证书，例如申请泛域名\nacme.sh --issue  -d \"whuzfb.cn\" -d \"*.whuzfb.cn\" --dns dns_dp\n# 申请单域名\n# acme.sh --issue  -d \"blog.whuzfb.cn\" --dns dns_dp\n```\n\n#### 修改config.example.py参数\n根据注释修改每一项内容  \n然后重命名为`config.py`\n\n## 主要函数\n`qssl.get_cert_list(client)`：获取所有的SSL证书列表  \n`qssl.get_cert_info(client, cert_id)`：根据id获取SSL证书的信息  \n`qssl.get_cert_detail(client, cert_id)`：根据id获取SSL证书的详情  \n`qssl.delete_cert(client, cert_id)`：删除指定id的SSL证书  \n`qssl.upload_cert(client, local_cert_info)`：把本地的SSL证书上传到腾讯云，返回新证书的id  \n\n\n`cdn.get_cdn_detail_info(client)`：获取所有CDN的详细信息，返回列表  \n`cdn.get_cdn_url_push_info(client)`：查询CDN预热配额和每日可用量  \n`cdn.update_cdn_url_push(client, urls)`：指定 URL 资源列表加载至 CDN 节点，支持指定加速区域预热；默认情况下境内、境外每日预热 URL 限额为各 1000 条，每次最多可提交 20 条  \n`cdn.get_cdn_purge_url_info(client)`：查询CDN刷新配额和每日可用量  \n`cdn.update_cdn_purge_url(client, urls)`：指定 URL 资源的刷新，支持指定加速区域刷新；默认情况下境内、境外每日刷新 URL 限额为各 10000 条，每次最多可提交 1000 条  \n`cdn.update_cdn_ssl(client, domain, cert_id)`：为指定域名的CDN更换SSL证书  \n\n\n`ecdn.get_ecdn_basic_info(client)`：获取所有ECDN（全球加速服务）的基本信息，返回列表  \n`ecdn.get_ecdn_detail_info(client)`：获取所有ECDN的详细信息，返回列表  \n`ecdn.update_ecdn_ssl(client, domain, cert_id)`：为指定域名的CDN的更换SSL证书  \n\n`teo.get_teo_zones_list(client)`：获取边缘安全加速平台所有的加速区域`zoneID`列表\n`teo.get_teo_domains_list(client, zone_id)`：获取指定加速区域的域名列表\n`teo.update_teo_ssl(client, zoneid, hostname, cert_id)`：为指定域名的加速区域的对应域名更换SSL证书\n\n`live.get_live_detail_info(client)`：获取所有LIVE的详细信息，返回列表\n`live.update_live_ssl(client, domain, cert_id)`：为指定域名的LIVE更换SSL证书\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzfb132%2Fqcloud-ssl-cdn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzfb132%2Fqcloud-ssl-cdn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzfb132%2Fqcloud-ssl-cdn/lists"}