Automatically check the certificate's remaining validity and update the SSL certificate from the NAS
Script
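#!/bin/sh
# Check how long the installed certificate remains valid.
# -checkend exits 0 if the certificate is still valid 2419200 seconds (28 days) from now.
if openssl x509 -in /etc/pve/nodes/pve/pveproxy-ssl.pem -noout -checkend 2419200 >/dev/null
then
    echo "$(date +%Y%m%d%H%M%S):Certificate is good for at least another 28 days!"
else
    echo "$(date +%Y%m%d%H%M%S):Certificate has expired or will do so within 28 days!"
    # Fetch the renewed certificate and key from the NAS; restart pveproxy only if both copies succeed.
    scp root@192.168.1.X:/volume1/docker/acme/data/spr007.com/fullchain.cer /etc/pve/nodes/pve/pveproxy-ssl.pem &&
    scp root@192.168.1.X:/volume1/docker/acme/data/spr007.com/spr007.com.key /etc/pve/nodes/pve/pveproxy-ssl.key &&
    systemctl restart pveproxy
fi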
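The script above writes whatever scp returns straight over the live certificate and key. The following is an added example, not part of the original script, that checks a fetched pair (key matches the leaf certificate, certificate is not about to expire) before copying it into place. The function names and the staging directory are assumptions.

```shell
#!/bin/sh
# Added example: check a fetched certificate/key pair before installing it.
# Function names and the staging directory in the usage comment are assumptions.

# True if the private key in $2 belongs to the first (leaf) certificate in $1.
# openssl x509 reads only the first PEM block, so a fullchain file works.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate in $1 is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# install_pair SRC_CERT SRC_KEY DST_CERT DST_KEY MIN_SECONDS
# Copies the pair into place only if it is consistent and not about to expire.
install_pair() {
    cert_matches_key "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    cert_valid_for "$1" "$5" || { echo "fetched certificate expires too soon" >&2; return 1; }
    cp "$1" "$3" && cp "$2" "$4"
}

# Usage inside the else branch of sslupdate.sh (staging directory is hypothetical):
#   stage=$(mktemp -d)
#   scp root@192.168.1.X:/volume1/docker/acme/data/spr007.com/fullchain.cer "$stage/cert.pem" &&
#   scp root@192.168.1.X:/volume1/docker/acme/data/spr007.com/spr007.com.key "$stage/key.pem" &&
#   install_pair "$stage/cert.pem" "$stage/key.pem" \
#       /etc/pve/nodes/pve/pveproxy-ssl.pem /etc/pve/nodes/pve/pveproxy-ssl.key 2419200 &&
#   systemctl restart pveproxy
#   rm -rf "$stage"
```

If validation fails, the installed certificate and key are left untouched and the reason is written to stderr, which the cron redirect sends to the log file.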
Generate an SSH key pair on the PVE host
ssh-keygen -t rsa
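Trust the server
From the PVE host's shell, log in to the remote server once over SSH: enter the password, then answer yes to trust the server. This creates ~/.ssh/known_hosts.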
ssh root@192.168.1.X
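Add the public key generated on this PVE host to the authorized_keys file on the target machine (the file is created if it does not exist). ssh-copy-id appends the key, so keys already in authorized_keys are kept; copying id_rsa.pub over the file with scp would replace them.
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.X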
Add the scheduled task
crontab -e
Run every day at 00:30
30 0 * * * /bin/sh /root/scripts/sslupdate.sh >> /root/scripts/sslupdate_log.txt 2>&1
Restart the cron service
/etc/init.d/cron restart