public async Task RetrieveCertificates(Order order)
{
var certKey = new RSACryptoServiceProvider(4096);
Order certOrder = await acmeClient.RequestCertificateAsync(order, certKey);
while (certOrder.Status == ACMEStatus.Processing)
{
await Task.Delay(500);
Program.LogLine("Order status = processing; updating..", true);
certOrder = await acmeClient.UpdateOrderAsync(certOrder);
}
if (certOrder.Status != ACMEStatus.Valid)
{
throw new Exception($"Failed to order certificates with {certOrder.Status}, {certOrder.Error.Detail}");
}
X509Certificate2 cert = await acmeClient.GetCertificateAsync(certOrder);
var certdata = cert.Export(X509ContentType.Cert);
var publicKeyFilename = $"{FixFilename(certOrder.Identifiers[0].Value)}.crt";
File.WriteAllBytes(publicKeyFilename, certdata);
Program.LogLine($"Public certificate written to file {publicKeyFilename}");
// combine the two!
X509Certificate2 properCert = cert.CopyWithPrivateKey(certKey);
Program.LogLine("Enter password to secure PFX");
System.Security.SecureString password = PasswordInput.ReadPassword();
var pfxData = properCert.Export(X509ContentType.Pfx, password);
var privateKeyFilename = $"{FixFilename(certOrder.Identifiers[0].Value)}.pfx";
File.WriteAllBytes(privateKeyFilename, pfxData);
Program.LogLine($"Private certificate written to file {privateKeyFilename}");
}
static async Task OrderDomains(ACMEClient acmeClient, params string[] domainNames)
{
var domains = domainNames.Select(domain => new OrderIdentifier {
Type = ChallengeType.DNSChallenge, Value = domain
});
Uri[] validations = null;
Order order = null;
while (order == null)
{
order = await NewOrderAsync(acmeClient, domains);
if (order == null)
{
Console.WriteLine("Failed.. retrying");
await Task.Delay(5000);
}
}
// todo: save order identifier
Console.WriteLine($"Order location: {order.Location}");
validations = order.Authorizations;
var auths = await RetrieveAuthz(acmeClient, validations);
foreach (var item in auths)
{
foreach (var challenge in item.Challenges)
{
Console.WriteLine($"Challenge: {challenge.Url}");
Console.WriteLine($"Type: {challenge.Type}");
Console.WriteLine($"Token: {challenge.Token}");
Console.WriteLine($"Value: {challenge.AuthorizationToken}");
if (challenge.Type == "http-01")
{
File.WriteAllText(challenge.Token, challenge.AuthorizationToken);
Console.WriteLine($"File saved as: {challenge.Token} in working directory.");
Console.WriteLine($"Please upload the file to {domainNames.First()}/.well-known/acme-challenge/{challenge.Token}");
}
else if (challenge.Type == "dns-01")
{
Console.WriteLine($"Please create a text entry in the DNS records for each domain in {string.Join(',', domainNames)} using {challenge.Token}");
}
else
{
Console.WriteLine($"Unknown challenge type encountered '{challenge.Type}'. Please handle accourdingly.");
}
var result = HandleConsoleInput("Challenge completed? [y/n]", new[] { "y", "yes", "n", "no" });
if (result == "y" || result == "yes")
{
Console.WriteLine("Validating challenge");
var validation = await ValidateChallengeCompletion(challenge, domainNames);
if (validation.Any(validationItem => !validationItem.Value))
{
Console.WriteLine($"The following domains failed validation: " +
$"{string.Join(',', validation.Where(vItem => !vItem.Value).Select(vItem => vItem.Key))}");
}
if (validation.Any(validationItem => validationItem.Value))
{
var c = await CompleteChallenge(acmeClient, challenge, challenge.AuthorizationToken);
if (c != null)
{
Console.WriteLine(c.Status);
}
}
}
else
{
Console.WriteLine("Skipping challenge");
}
}
}
// todo: add a proper check to see if all validations passed.
order = await acmeClient.UpdateOrderAsync(order);
Console.WriteLine($"Order status:{order.Status}");
// todo: if(order.Status == failed...)
while (order.Status == Order.Processing)
{
Thread.Sleep(500);
Console.WriteLine("Order status = processing; updating..");
order = await acmeClient.UpdateOrderAsync(order);
}
var certKey = new RSACryptoServiceProvider(4096);
SaveRSAKeyToFile(certKey, $"{order.Identifiers[0].Value}.key");
Order certOrder = null;
try
{
certOrder = await acmeClient.RequestCertificateAsync(order, certKey);
while (certOrder.Status == Order.Processing)
{
Thread.Sleep(500);
Console.WriteLine("Order status = processing; updating..");
certOrder = await acmeClient.UpdateOrderAsync(certOrder);
}
Console.WriteLine(certOrder.Status);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
var cert = await acmeClient.GetCertificateAsync(certOrder);
var certdata = cert.Export(X509ContentType.Cert);
var publicKeyFilename = $"{certOrder.Identifiers[0].Value}.crt";
File.WriteAllBytes(publicKeyFilename, certdata);
Console.WriteLine($"Public certificate written to file {publicKeyFilename}");
// combine the two!
var properCert = cert.CopyWithPrivateKey(certKey);
var pfxData = cert.Export(X509ContentType.Pfx);
var privateKeyFilename = $"{certOrder.Identifiers[0].Value}.pfx";
File.WriteAllBytes(privateKeyFilename, pfxData);
Console.WriteLine($"Private certificate written to file {privateKeyFilename}");
}
private static async Task OrderDomains(ACMEClient acmeClient, params string[] domainNames)
{
IEnumerable <OrderIdentifier> domains = domainNames.Select(domain => new OrderIdentifier {
Type = ChallengeType.DNSChallenge, Value = domain
});
Uri[] validations = null;
Order order = null;
while (order == null)
{
order = await NewOrderAsync(acmeClient, domains);
if (order == null)
{
Console.WriteLine("Failed.. retrying");
await Task.Delay(5000);
}
}
// todo: save order identifier
Console.WriteLine($"Order location: {order.Location}");
validations = order.Authorizations;
IEnumerable <AuthorizationChallengeResponse> auths = await RetrieveAuthz(acmeClient, validations);
foreach (AuthorizationChallengeResponse item in auths)
{
if (item.Status == ACMEStatus.Valid)
{
Console.WriteLine("Domain already validated succesfully.");
continue;
}
AuthorizationChallenge validChallenge = item.Challenges.Where(challenge => challenge.Status == ACMEStatus.Valid).FirstOrDefault();
if (validChallenge != null)
{
Console.WriteLine("Found a valid challenge, skipping domain.");
Console.WriteLine(validChallenge.Type);
continue;
}
IEnumerable <AuthorizationChallenge> applicableChallenges = item.Wildcard ? item.Challenges.Where(x => x.Type == "dns-01") :
item.Challenges;
foreach (AuthorizationChallenge challenge in applicableChallenges)
{
Console.WriteLine($"Status: {challenge.Status}");
Console.WriteLine($"Challenge: {challenge.Url}");
Console.WriteLine($"Type: {challenge.Type}");
Console.WriteLine($"Token: {challenge.Token}");
Console.WriteLine($"Value: {challenge.AuthorizationToken}");
if (challenge.Type == "http-01")
{
File.WriteAllText(challenge.Token, challenge.AuthorizationToken);
Console.WriteLine($"File saved as: {challenge.Token} in working directory.");
Console.WriteLine($"Please upload the file to {item.Identifier.Value}/.well-known/acme-challenge/{challenge.Token}");
}
else if (challenge.Type == "dns-01")
{
Console.WriteLine($"Please create a text entry for _acme-challenge.{item.Identifier.Value} with value: {challenge.AuthorizationToken}");
}
else
{
Console.WriteLine($"Unknown challenge type encountered '{challenge.Type}'. Please handle accourdingly.");
}
var result = HandleConsoleInput("Challenge completed? [y/n]", new[] { "y", "yes", "n", "no" });
if (result == "y" || result == "yes")
{
Console.WriteLine("Validating challenge");
var validation = await ValidateChallengeCompletion(challenge, item.Identifier.Value);
if (validation)
{
AuthorizationChallengeResponse c = await CompleteChallenge(acmeClient, challenge, challenge.AuthorizationToken);
while (c.Status == ACMEStatus.Pending)
{
await Task.Delay(5000);
c = await acmeClient.GetAuthorizationChallengeAsync(challenge.Url);
}
Console.WriteLine($"Challenge Status: {c.Status}");
if (c.Status == ACMEStatus.Valid)
{
// no reason to keep going, we have one succesfull challenge!
break;
}
}
else
{
Console.WriteLine($"Validation failed for {item.Identifier.Value}");
}
}
else
{
Console.WriteLine("Skipping challenge");
}
}
}
foreach (Uri challenge in order.Authorizations)
{
AuthorizationChallengeResponse c;
do
{
c = await acmeClient.GetAuthorizationChallengeAsync(challenge);
}while (c == null || c.Status == ACMEStatus.Pending);
if (c.Status == ACMEStatus.Invalid)
{
Console.WriteLine($"Failed to validate domain {c.Identifier.Value}. Aborting");
return;
}
}
order = await acmeClient.UpdateOrderAsync(order);
Console.WriteLine($"Order status:{order.Status}");
while (order.Status == ACMEStatus.Processing)
{
Thread.Sleep(500);
Console.WriteLine("Order status = processing; updating..");
order = await acmeClient.UpdateOrderAsync(order);
}
var certKey = new RSACryptoServiceProvider(4096);
SaveRSAKeyToFile(certKey, $"{FixFilename(order.Identifiers[0].Value)}.key");
Order certOrder = null;
try
{
certOrder = await acmeClient.RequestCertificateAsync(order, certKey);
while (certOrder.Status == ACMEStatus.Processing)
{
Thread.Sleep(500);
Console.WriteLine("Order status = processing; updating..");
certOrder = await acmeClient.UpdateOrderAsync(certOrder);
}
Console.WriteLine(certOrder.Status);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
X509Certificate2 cert = await acmeClient.GetCertificateAsync(certOrder);
var certdata = cert.Export(X509ContentType.Cert);
var publicKeyFilename = $"{FixFilename(certOrder.Identifiers[0].Value)}.crt";
File.WriteAllBytes(publicKeyFilename, certdata);
Console.WriteLine($"Public certificate written to file {publicKeyFilename}");
// combine the two!
X509Certificate2 properCert = cert.CopyWithPrivateKey(certKey);
Console.WriteLine("Enter password to secure PFX");
System.Security.SecureString password = PasswordInput.ReadPassword();
var pfxData = properCert.Export(X509ContentType.Pfx, password);
var privateKeyFilename = $"{FixFilename(certOrder.Identifiers[0].Value)}.pfx";
File.WriteAllBytes(privateKeyFilename, pfxData);
Console.WriteLine($"Private certificate written to file {privateKeyFilename}");
}