private static readonly RNGCryptoServiceProvider s_randomGenerator = new RNGCryptoServiceProvider(); // thread-safe public async Task Renew(RenewalParameters renewalParams) { if (renewalParams == null) { throw new ArgumentNullException(nameof(renewalParams)); } Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams); Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp); var pfxPassData = new byte[32]; s_randomGenerator.GetBytes(pfxPassData); Trace.TraceInformation("Adding SSL cert for '{0}'...", renewalParams.WebApp); var manager = CertificateManager.CreateKuduWebAppCertificateManager( new AzureWebAppEnvironment( renewalParams.TenantId, renewalParams.SubscriptionId, renewalParams.ClientId, renewalParams.ClientSecret, renewalParams.ResourceGroup, renewalParams.WebApp, renewalParams.ServicePlanResourceGroup, renewalParams.SiteSlotName) { AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName, AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri), ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint), TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService) }, new AcmeConfig { Host = renewalParams.Hosts[0], AlternateNames = renewalParams.Hosts.Skip(1).ToList(), RegistrationEmail = renewalParams.Email, RSAKeyLength = renewalParams.RsaKeyLength, PFXPassword = Convert.ToBase64String(pfxPassData), BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString() }, new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl }, new AuthProviderConfig()); if (renewalParams.RenewXNumberOfDaysBeforeExpiration > 0) { await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration); } else { await manager.AddCertificate(); } Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp); }
private static async Task RenewCore(RenewalParameters renewalParams) { Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams); var acmeConfig = GetAcmeConfig(renewalParams); var webAppEnvironment = GetWebAppEnvironment(renewalParams); var certificateServiceSettings = new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl }; var azureDnsEnvironment = GetAzureDnsEnvironment(renewalParams); if (azureDnsEnvironment != null) { throw new ConfigurationErrorsException("Azure DNS challenge currently not supported"); } var manager = CertificateManager.CreateKuduWebAppCertificateManager(webAppEnvironment, acmeConfig, certificateServiceSettings, new AuthProviderConfig()); Trace.TraceInformation("Adding SSL cert for '{0}'...", GetWebAppFullName(renewalParams)); bool addNewCert = true; if (renewalParams.RenewXNumberOfDaysBeforeExpiration > 0) { var staging = acmeConfig.BaseUri.Contains("staging", StringComparison.OrdinalIgnoreCase); var letsEncryptHostNames = await CertificateHelper.GetLetsEncryptHostNames(webAppEnvironment, staging); Trace.TraceInformation("Let's Encrypt host names (staging: {0}): {1}", staging, String.Join(", ", letsEncryptHostNames)); ICollection <string> missingHostNames = acmeConfig.Hostnames.Except(letsEncryptHostNames, StringComparer.OrdinalIgnoreCase).ToArray(); if (missingHostNames.Count > 0) { Trace.TraceInformation( "Detected host name(s) with no associated Let's Encrypt certificates, will add a new certificate: {0}", String.Join(", ", missingHostNames)); } else { Trace.TraceInformation("All host names associated with Let's Encrypt certificates, will perform cert renewal"); addNewCert = false; } } if (addNewCert) { await manager.AddCertificate(); } else { await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration); } Trace.TraceInformation("Let's Encrypt SSL certs & bindings renewed for '{0}'", renewalParams.WebApp); }
public async Task <IHttpActionResult> GenerateAndInstall(HttpKuduInstallModel model, [FromUri(Name = "api-version")] string apiversion = null) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var mgr = CertificateManager.CreateKuduWebAppCertificateManager(model.AzureEnvironment, model.AcmeConfig, model.CertificateSettings, model.AuthorizationChallengeProviderConfig); return(Ok(await mgr.AddCertificate())); }
private static async Task RenewCore(RenewalParameters renewalParams) { Trace.TraceInformation("Adding / renewing SSL cert for '{0}' with parameters: {1}", GetWebAppFullName(renewalParams), renewalParams); var acmeConfig = GetAcmeConfig(renewalParams, CertificateHelper.GenerateSecurePassword()); var webAppEnvironment = GetWebAppEnvironment(renewalParams); var certificateServiceSettings = new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl }; var azureDnsEnvironment = GetAzureDnsEnvironment(renewalParams); bool staging = acmeConfig.BaseUri.Contains("staging", StringComparison.OrdinalIgnoreCase); if (azureDnsEnvironment != null) { await GetDnsRenewalService(renewalParams, azureDnsEnvironment, webAppEnvironment).Run( new AcmeDnsRequest { AcmeEnvironment = staging ? (AcmeEnvironment) new LetsEncryptStagingV2() : new LetsEncryptV2(), RegistrationEmail = acmeConfig.RegistrationEmail, Host = acmeConfig.Host, PFXPassword = CertificateHelper.GenerateSecurePassword(), CsrInfo = new CsrInfo(), }, renewalParams.RenewXNumberOfDaysBeforeExpiration).ConfigureAwait(false); } else { var manager = CertificateManager.CreateKuduWebAppCertificateManager(webAppEnvironment, acmeConfig, certificateServiceSettings, new AuthProviderConfig()); var addNewCert = await CheckCertAddition(renewalParams, webAppEnvironment, acmeConfig, staging).ConfigureAwait(false); if (addNewCert) { await manager.AddCertificate().ConfigureAwait(false); } else { await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration).ConfigureAwait(false); } } Trace.TraceInformation("Let's Encrypt SSL certs & bindings renewed for '{0}'", renewalParams.WebApp); }
private async Task <int> RenewCore(RenewalParameters renewalParams) { Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams); Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp); var pfxPassData = new byte[32]; s_randomGenerator.GetBytes(pfxPassData); Trace.TraceInformation( "Adding SSL cert for '{0}{1}'...", renewalParams.WebApp, renewalParams.GroupName == null ? String.Empty : $"[{renewalParams.GroupName}]"); azureEnvironment = new AzureWebAppEnvironment( renewalParams.TenantId, renewalParams.SubscriptionId, renewalParams.ClientId, renewalParams.ClientSecret, renewalParams.ResourceGroup, renewalParams.WebApp, renewalParams.ServicePlanResourceGroup, renewalParams.SiteSlotName) { WebRootPath = renewalParams.WebRootPath, AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName, AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri), ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint), TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService), }; var manager = CertificateManager.CreateKuduWebAppCertificateManager( azureEnvironment, new AcmeConfig { Host = renewalParams.Hosts[0], AlternateNames = renewalParams.Hosts.Skip(1).ToList(), RegistrationEmail = renewalParams.Email, RSAKeyLength = renewalParams.RsaKeyLength, PFXPassword = Convert.ToBase64String(pfxPassData), BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString(), }, new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl }, new AuthProviderConfig()); var certificatesRenewed = 0; using (webSiteClient = await ArmHelper.GetWebSiteManagementClient(azureEnvironment)) { var isWebAppRunning = IsWebAppRunning(); if (!isWebAppRunning && !await StartWebApp()) { string errorMessage = string.Format("Could not start WebApp '{0}' to renew certificate", renewalParams.WebApp); Trace.TraceError(errorMessage); throw new WebAppException(renewalParams.WebApp, "Could not start WebApp"); } if (await HasCertificate()) { var result = await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration); certificatesRenewed = result.Count; } else { var result = await manager.AddCertificate(); if (result != null) { certificatesRenewed = 1; } } if (!isWebAppRunning && !await StopWebApp()) { Trace.TraceWarning("Could not stop WebApp '{0}' after renewing certificate", renewalParams.WebApp); } } Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp); return(certificatesRenewed); }