如何从 Traefik 证书存储中导出证书

Traefik 将证书作为 base64 编码的 X.509 证书和密钥存储在证书存储中。

这是一个从 Traefik 证书存储 .json 文件导出证书的 Python 脚本:

traefik_export.py
import json
import base64

# 读取 Traefik ACME JSON
with open("acme.json") as acme_file:
    acme = json.load(acme_file)

# 从特定解析器选择证书
resolver_name = "my-resolver"
certificates = acme[resolver_name]["Certificates"]

# 查找我们正在寻找的特定证书
certificate = [certificate for certificate in certificates if "myddomain.com" in certificate["domain"].get("sans", [])][0]

# 提取 X.509 证书数据
certificate_data = base64.b64decode(certificate["certificate"])
key_data = base64.b64decode(certificate["key"])

# 将证书和密钥导出到文件
with open("certificate.pem", "wb") as certfile:
    certfile.write(certificate_data)

with open("key.pem", "wb") as keyfile:
    keyfile.write(key_data)

注意根据你证书的主要名称,你可能需要使用

traefik_cert_select_example.py
if "myddomain.com" == certificate["domain"]["main"]

而不是

traefik_cert_sans_check.py
if "myddomain.com" in certificate["domain"].get("sans", [])

Check out similar posts by category: Python, Traefik