This topic describes how to use Classic Load Balancer (CLB) SDK for Python to create an HTTPS listener and update the server certificate of the HTTPS listener.

Prerequisites

Two Elastic Compute Service (ECS) instances are created in the China (Zhangjiakou) region. Both ECS instances are in the Running state.

Before you run the following code in script mode, make sure that the requirements are met. For more information, see Preparations.

Background information

In this topic, the following steps are performed to create an HTTPS listener and update the server certificate of the HTTPS listener:
  1. Create a CLB instance in the China (Zhangjiakou) region. Set the name of the CLB instance to SLB1, set the primary zone to cn-zhangjiakou-a, and set the secondary zone to cn-zhangjiakou-b. In addition, set the billing method of the CLB instance to pay-as-you-go and set the type of the CLB instance to slb.s1.small. For other parameters, use the default settings.
  2. Add the ECS instances that are created in the China (Zhangjiakou) region to the default server group. Network traffic is then forwarded by the CLB instance to the ECS instances. Then, set the weights of both ECS instances to 100.
  3. Upload a server certificate.
  4. Create an HTTPS listener. Set the frontend port that the CLB instance uses to port 80 and set the backend server that receives requests to port 443. Then, disable health checks and session persistence, and set the maximum bandwidth of the listener to 6 Mbit /s. For other parameters, use the default settings.
  5. Upload a new server certificate.
  6. Update the server certificate of the newly created HTTPS listener.
  7. Delete the CLB instance.

Procedure

  1. In the directory to which the SDK is downloaded, open the folder $aliyun-openapi-python-sdk-examples\sdk_examples\examples\slb.
  2. Open upload_server_certificate.py in the editor. Set the ACS_CLIENT parameter to configure user identity verification and set other parameters based on your actual needs. Then, save the file and exit.
    Note The SDK verifies the identity of every user. You can set the AcsClient parameter in a constants file and invoke the constants file when you need it.
    # encoding=utf-8
    import sys
    import json
    
    #Import AcsClient to verify the identity of the API caller.
    from aliyunsdkcore.client import AcsClient
    #Use the exception handling module of Alibaba Cloud SDK.
    from aliyunsdkcore.acs_exception.exceptions import ServerException, ClientException
    #Import the API operation for uploading a certificate.
    from aliyunsdkslb.request.v20140515 import UploadServerCertificateRequest
    #Import the API operation for creating a CLB instance.
    from aliyunsdkslb.request.v20140515 import CreateLoadBalancerRequest
    #Import the API operation for adding a default server group.
    from aliyunsdkslb.request.v20140515 import AddBackendServersRequest
    #Import the API operation for creating an HTTPS listener.
    from aliyunsdkslb.request.v20140515 import CreateLoadBalancerHTTPSListenerRequest
    #Import the API operation for modifying an HTTPS listener.
    from aliyunsdkslb.request.v20140515 import SetLoadBalancerHTTPSListenerAttributeRequest
    #Import the API operation for deleting a CLB instance.
    from aliyunsdkslb.request.v20140515 import DeleteLoadBalancerRequest
    ##Handle exceptions.
    from sdk_lib.exception import ExceptionHandler
    #Import logs from the command-line interface.
    from sdk_lib.common_util import CommonUtil
    
    #Set the parameters for user identity verification.
    ACS_CLIENT = AcsClient(
        'your-access-key-id',  # your-access-key-id
        'your-access-key-secret',  # your-access-key-secret
        'cn-zhangjiakou',  # your-region-id
    )
    #Specify the number of retries after a failure.
    TRY_TIME = 3
    '''
    Create a CLB instance -> Upload a server certificate -> Create an HTTPS listener -> Upload a new server certificate
    -> Modify the configuration of the HTTPS listener in loops
    '''
    
    
    def create_load_balancer(params):
        '''
        create_load_balancer: creates a CLB instance.
        For more information about the API operation, see https://www.alibabacloud.com/help/zh/doc-detail/27577.html
        '''
        try:
            #Set the API request parameters for creating a CLB instance.
            request = CreateLoadBalancerRequest.CreateLoadBalancerRequest()
            request.set_MasterZoneId(params["master_zone_id"])
            request.set_SlaveZoneId(params["slave_zone_id"])
            request.set_LoadBalancerName(params["load_balancer_name"])
            request.set_PayType(params["pay_balancer_type"])
            #Make an API request and receive a response.
            response = ACS_CLIENT.do_action_with_exception(request)
            response_json = json.loads(response)
            #API response.
            return response_json
        except ServerException as e:
            ExceptionHandler.server_exception(e)
        except ClientException as e:
            ExceptionHandler.client_exception(e)
    
    
    def add_backend_servers(params):
        '''
        add_backend_servers: adds backend servers.
        For more information about the API operation, see  https://www.alibabacloud.com/help/zh/doc-detail/27632.html
        '''
        counter = 0
        while counter < TRY_TIME:
            try:
                #Set the API request parameters for adding backend servers to the default server group.
                request = AddBackendServersRequest.AddBackendServersRequest()
                #The ID of the CLB instance.
                request.set_LoadBalancerId(params["load_balancer_id"])
                #The list of backend servers that you want to add.
                request.set_BackendServers(params["backend_servers"])
                #Make an API request and receive a response.
                response = ACS_CLIENT.do_action_with_exception(request)
                response_json = json.loads(response)
                #API response.
                return response_json
            except ServerException as e:
                if ExceptionHandler.server_exception(e):
                    return e
            except ClientException as e:
                if ExceptionHandler.client_exception(e):
                    return e
            finally:
                counter += 1
    
    
    def upload_server_certificate(params):
        '''
        upload_server_certificate: uploads a server certificate.
        For more information about the API operation, see  https://www.alibabacloud.com/help/zh/doc-detail/34181.html
        '''
        counter = 0
        while counter < TRY_TIME:
            try:
                request = UploadServerCertificateRequest.UploadServerCertificateRequest()
                #The public key file that you want to upload.
                request.set_ServerCertificate(params["server_certificate"])
                #The private key file that you want to upload.
                request.set_PrivateKey(params["private_key"])
                #Make an API request and receive a response.
                response = ACS_CLIENT.do_action_with_exception(request)
                response_json = json.loads(response)
                #API response.
                return response_json
            except ServerException as e:
                ExceptionHandler.server_exception(e)
            except ClientException as e:
                ExceptionHandler.client_exception(e)
            finally:
                counter += 1
    
    
    def create_https_listener(params):
        '''
        create_https_listener: creates an HTTPS listener.
        For more information about the API operation, see  https://www.alibabacloud.com/help/zh/doc-detail/27593.html
        '''
        counter = 0
        while counter < TRY_TIME:
            try:
                request = CreateLoadBalancerHTTPSListenerRequest.CreateLoadBalancerHTTPSListenerRequest()
                #The ID of the CLB instance.
                request.set_LoadBalancerId(params["load_balancer_id"])
                #The maximum bandwidth of the listener.
                request.set_Bandwidth(params["bandwidth"])
                #The frontend port that is used by the CLB instance.
                request.set_ListenerPort(params["listener_port"])
                #Specify whether to enable health checks.
                request.set_HealthCheck(params["health_check"])
                #Specify whether to enable session persistence.
                request.set_StickySession(params["sticky_session"])
                #The backend port that is used by the CLB instance.
                request.set_BackendServerPort(params["backend_server_port"])
                #The ID of the server certificate.
                request.set_ServerCertificateId(params["server_certificate_id"])
                #Make an API request and receive a response.
                response = ACS_CLIENT.do_action_with_exception(request)
                response_json = json.loads(response)
                #API response.
                return response_json
            except ServerException as e:
                ExceptionHandler.server_exception(e)
            except ClientException as e:
                ExceptionHandler.client_exception(e)
            finally:
                counter += 1
    
    
    def set_https_listener_attribute(params):
        '''
        set_https_listener_attribute: modifies the configurations of an HTTPS listener.
        For more information about the API operation, see  https://www.alibabacloud.com/help/zh/doc-detail/27603.html
        '''
        counter = 0
        while counter < TRY_TIME:
            try:
                request = SetLoadBalancerHTTPSListenerAttributeRequest.SetLoadBalancerHTTPSListenerAttributeRequest()
                #The ID of the CLB instance.
                request.set_LoadBalancerId(params["load_balancer_id"])
                #The maximum bandwidth of the listener.
                request.set_Bandwidth(params["bandwidth"])
                #The frontend port that is used by the CLB instance.
                request.set_ListenerPort(params["listener_port"])
                #Specify whether to enable health checks.
                request.set_HealthCheck(params["health_check"])
                #Specify whether to enable session persistence.
                request.set_StickySession(params["sticky_session"])
                #The ID of the server certificate.
                request.set_ServerCertificateId(params["server_certificate_id"])
                #Make an API request and receive a response.
                response = ACS_CLIENT.do_action_with_exception(request)
                response_json = json.loads(response)
                #API response.
                return response_json
            except ServerException as e:
                ExceptionHandler.server_exception(e)
            except ClientException as e:
                ExceptionHandler.client_exception(e)
            finally:
                counter += 1
    
    
    def delete_load_balancer(load_balancer_id):
        '''
        delete_load_balancer: deletes a CLB instance.
        For more information about the API operation, see https://www.alibabacloud.com/help/zh/doc-detail/27579.html
        '''
        try:
            #Set the API request parameters for deleting a CLB instance.
            request = DeleteLoadBalancerRequest.DeleteLoadBalancerRequest()
            #The ID of the CLB instance.
            request.set_LoadBalancerId(load_balancer_id)
            #Make an API request and receive a response.
            response = ACS_CLIENT.do_action_with_exception(request)
            response_json = json.loads(response)
            #API response.
            return response_json
        except ServerException as e:
            ExceptionHandler.server_exception(e)
        except ClientException as e:
            ExceptionHandler.client_exception(e)
    
    
    def main():
        params = {}
        #Set the API request parameters for creating a CLB instance.
        #Set the primary zone of the new CLB instance to Zhangjiakou Zone A.
        params["master_zone_id"] = "cn-zhangjiakou-a"
        #Set the secondary zone of the new CLB instance to cn-zhangjiakou-b.
        params["slave_zone_id"] = "cn-zhangjiakou-b"
        #Set the name of the new CLB instance to SLB1.
        params["load_balancer_name"] = "SLB1"
        #Set the billing method of the new CLB instance to pay-as-you-go.
        params["pay_balancer_type"] = "PayOnDemand"
    
        #Set the IDs and weights of the ECS instances that you want to add to the default server group.
        params["backend_servers"] = [{"ServerId": "i-8vbe8yixxxxxxxxxxxxxw", "Weight": "100"},
                                     {"ServerId": "i-8vbe8yxxxxxxxxxxxxxj9v", "Weight": "100"}]
    
        #Set the parameters of the server certificate that you want to upload.
    
        #Set the parameters of the HTTPS listener that you want to create.
        #Disable health checks.
        params["health_check"] = "off"
        #Set the maximum bandwidth of the listener.
        params["bandwidth"] = 6
        #The frontend port that is used by the CLB instance.
        params["listener_port"] = 80
        #Set the backend port that is used by the CLB instance.
        params["backend_server_port"] = 443
        #Disable session persistence.
        params["sticky_session"] = "off"
    
        #Create the CLB instance.
        #Obtain the returned value of create_load_balancer. load_balancer_json is the returned value in a JSON string.
        load_balancer_json = create_load_balancer(params)
        #Print the returned value of load_balancer_json. create_load_balancer is the name of the JSON string.
        CommonUtil.log("create_load_balancer", load_balancer_json)
    
        #Upload a server certificate.
        #The public key file that you want to upload.
        params["server_certificate"] = "-----BEGIN CERTIFICATE-----xxxxxxx-----END CERTIFICATE-----"
        params["private_key"] = "-----BEGIN RSA PRIVATE KEY-----xxxxxxxxxxx-----END RSA PRIVATE KEY-----"
        result_json = upload_server_certificate(params)
        CommonUtil.log("upload_server_certificate", result_json)
        params["server_certificate_id"] = result_json["ServerCertificateId"]
    
        #The ID of the CLB instance.
        params["load_balancer_id"] = load_balancer_json["LoadBalancerId"]
    
        #Create an HTTPS listener.
        result_json = create_https_listener(params)
        CommonUtil.log("create_https_listener", result_json)
    
        #Upload a new server certificate.
        #The new public key certificate that you want to upload.
        params["server_certificate"] = "-----BEGIN CERTIFICATE-----xxxxxxx-----END CERTIFICATE-----"
        params["private_key"] = "-----BEGIN RSA PRIVATE KEY-----xxxxxxxxxxx-----END RSA PRIVATE KEY-----"
        result_json = upload_server_certificate(params)
        CommonUtil.log("upload_server_certificate", result_json)
        params["server_certificate_id"] = result_json["ServerCertificateId"]
    
        #Modify the configurations of the HTTPS listener.
        result_json = set_https_listener_attribute(params)
        CommonUtil.log("set_https_listener_attribute", result_json)
    
        #Delete the CLB instance.
        #Delete the CLB instance with the returned LoadBalancerId.
        load_balancer_json = delete_load_balancer(load_balancer_json["LoadBalancerId"])
        #Print the returned value of load_balancer_json.
        CommonUtil.log("delete_load_balancer", load_balancer_json)
    
    
    if __name__ == "__main__":
        sys.exit(main())
  3. Go to the directory where the upload_server_certificate.py file is stored and run following command to update the HTTPS certificate:
    python upload_server_certificate.py
    The following output is returned:
    ---------------------------create_load_balancer---------------------------
    {
      "VpcId": "",
      "AddressIPVersion": "ipv4",
      "LoadBalancerName": "SLB1",
      "ResourceGroupId": "rg-axxxxxxxxxxxy",
      "VSwitchId": "",
      "RequestId": "1DEF72EE-CA5C-449D-9E97-2CE460DE7F7A",
      "Address": "123.XX.XX.212",
      "NetworkType": "classic",
      "LoadBalancerId": "lb-8vxxxxxxxxxxxf"
    }
    
    ---------------------------upload_server_certificate---------------------------
    {
      "ExpireTimeStamp": 1732169065000,
      "RegionIdAlias": "cn-zhangjiakou",
      "AliCloudCertificateName": "",
      "RegionId": "cn-zhangjiakou",
      "CommonName": "test",
      "ServerCertificateName": "test",
      "ExpireTime": "2024-11-21T06:04:25Z",
      "ResourceGroupId": "rg-axxxxxxxxxxxyy",
      "RequestId": "D6FB8B7C-B0EA-43E7-AD8F-E0201A9E1A13",
      "Fingerprint": "cd:90:1b:7b:49:4d:1d:90:f6:01:de:9a:81:7d:31:a7:38:1d:84:8d",
    
      "AliCloudCertificateId": "",
      "IsAliCloudCertificate": 0,
      "ServerCertificateId": "12xxxxxxxxxxxx3_16xxxxxxxxxx6_-1xxxxxxxx13_-1xxxxxx72"
    }
    
    ---------------------------create_https_listener---------------------------
    {
      "RequestId": "FC70EDC8-06EC-4E1C-97BE-D81571DA23B4"
    }
    
    ---------------------------upload_server_certificate---------------------------
    {
      "ExpireTimeStamp": 1567857600000,
      "RegionIdAlias": "cn-zhangjiakou",
      "AliCloudCertificateName": "",
      "RegionId": "cn-zhangjiakou",
      "CommonName": "aliyundoc.com",
      "ServerCertificateName": "aliyundoc.com",
      "ExpireTime": "2023-09-07T12:00:00Z",
      "ResourceGroupId": "rg-acxxxxxxxxxxxxy",
      "RequestId": "913E991F-BCC9-4A3D-9802-19084E2CE271",
      "Fingerprint": "8c:47:1b:a7:8f:02:27:3a:35:7c:e3:47:4a:5f:55:02:ed:e3:57:1e",
    
      "SubjectAlternativeNames": {
        "SubjectAlternativeName": [
          "aliyundoc.com"
        ]
      },
      "AliCloudCertificateId": "",
      "IsAliCloudCertificate": 0,
      "ServerCertificateId": "12xxxxxxxxxxxx3_16xxxxxxx716_4xxxxxxx4_-14xxxxxxxxxx9"
    }
    
    ---------------------------set_https_listener_attribute-------------------------
    --
    {
      "RequestId": "14275D2B-20F2-4D96-9FC8-7BB2B110155C"
    }
    
    ---------------------------delete_load_balancer---------------------------
    {
      "RequestId": "2A1DF87C-842A-4C1E-AA61-23EB365EB86F"
    }