AWS IoT Core 中使用的 R.509 证书有时会因为到期而无法验证用户设备的身份，导致无法正常连接。为了解决这个问题，我们可以使用 AWS SDK for Python（Boto3）自动化更新、替换设备证书。

示例代码：

import boto3 from datetime import datetime, timedelta

Set the AWS region and IoT endpoint

region_name = 'us-east-1' endpoint = 'xxxxxx.iot.us-east-1.amazonaws.com'

Set the device certificate ID and ARN

certificate_id = 'xxxxxxxxxxxxxxxxxxxxx' certificate_arn = 'arn:aws:iot:us-east-1:xxxxxxxxxxxx:cert/xxxxxxxxxxxxxxxxxxxxx'

Get the current date and time

now = datetime.utcnow()

Create an IoT client using Boto3

iot = boto3.client('iot', region_name=region_name)

Describe the device certificate

certificate = iot.describe_certificate(certificateId=certificate_id)

Get the certificate expiration date and time

expiration_date = certificate['certificateDescription']['creationDate'] + timedelta(days=365) expiration_date = expiration_date.replace(tzinfo=None)

Update the device certificate if it will expire in 30 days or less

if (expiration_date - now).days <= 30: print(f'The certificate is expiring on {expiration_date}. Renewing the certificate...') response = iot.update_certificate( certificateId=certificate_id, newStatus='ACTIVE' )

# Attach the new certificate to the device
response = iot.attach_thing_principal(
    thingName='my-thing',
    principal=certificate_arn
)
print(f'The certificate has been updated and attached to the device: {response}')

else: print(f'The certificate is valid until {expiration_date} and does not need to be renewed at this time.')