Exemple #1
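        /// <summary>
        /// Uploads the certificate in <paramref name="model"/> to Azure with a raw ARM PUT request and then
        /// points the host name SSL states of the site (or slot) at the new certificate thumbprint.
        /// </summary>
        /// <param name="model">Supplies the certificate (PFX bytes, password, thumbprint), the primary host and all DNS identifiers.</param>
        /// <exception cref="AggregateException">The PUT request faulted; <c>.Result</c> wraps the underlying exception.</exception>
        /// <exception cref="HttpRequestException">The certificate upload returned a non-success status code.</exception>
        public void Install(ICertificateInstallModel model)
        {
            var cert = model.CertificateInfo;
            using (var webSiteClient = ArmHelper.GetWebSiteManagementClient(azureEnvironment))
            {
                var s = webSiteClient.WebApps.GetSiteOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName);

                // Only the certificate name and server farm id are traced; the PFX blob and its password must stay out of logs.
                Trace.TraceInformation(String.Format("Installing certificate {0} on azure with server farm id {1}", cert.Name, s.ServerFarmId));
                var newCert = new Certificate()
                {
                    PfxBlob = cert.PfxCertificate,
                    Password = cert.Password,
                    Location = s.Location,
                    ServerFarmId = s.ServerFarmId,
                    Name = model.Host + "-" + cert.Certificate.Thumbprint
                };
                //BUG https://github.com/sjkp/letsencrypt-siteextension/issues/99
                //using this will not install the certificate with the correct webSpace property set, 
                //and the app service will be unable to find the certificate if the app service plan has been moved between resource groups.
                //webSiteClient.Certificates.CreateOrUpdate(azureEnvironment.ServicePlanResourceGroupName, cert.Certificate.Subject.Replace("CN=", ""), newCert);

                // NOTE(review): the client is not disposed here because the ownership contract of
                // ArmHelper.GetHttpClient is not visible from this method - confirm whether it is shared.
                var client = ArmHelper.GetHttpClient(azureEnvironment);

                // The serialized body carries the private key material (PFX) and its password:
                // never write it to traces, logs or exception messages.
                var body = JsonConvert.SerializeObject(newCert, JsonHelper.DefaultSerializationSettings);

                // NOTE(review): newCert.Name is interpolated into the URL path unescaped; confirm that
                // model.Host can only contain characters that are valid in an ARM resource name.
                using (var content = new StringContent(body, Encoding.UTF8, "application/json"))
                using (var response = client.PutAsync($"/subscriptions/{azureEnvironment.SubscriptionId}/resourceGroups/{azureEnvironment.ServicePlanResourceGroupName}/providers/Microsoft.Web/certificates/{newCert.Name}?api-version=2016-03-01", content).Result)
                {
                    // Fail before touching any binding if the upload was rejected; the response is
                    // disposed afterwards so the connection is released.
                    response.EnsureSuccessStatusCode();
                }

                foreach (var dnsName in model.AllDnsIdentifiers)
                {
                    var sslState = s.HostNameSslStates.FirstOrDefault(g => g.Name == dnsName);

                    if (sslState == null)
                    {
                        // The new state must be named after the identifier being processed. Using
                        // model.Host here added a duplicate entry for the primary host for every
                        // missing identifier and left that identifier without an SSL state.
                        sslState = new HostNameSslState()
                        {
                            Name = dnsName,
                            SslState = settings.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled,
                        };
                        s.HostNameSslStates.Add(sslState);
                    }
                    else
                    {
                        //First time setting the HostNameSslState it is set to disabled.
                        sslState.SslState = settings.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled;
                    }
                    sslState.ToUpdate = true;
                    sslState.Thumbprint = cert.Certificate.Thumbprint;
                }

                // NOTE(review): the Begin* call presumably starts the update without waiting for it to
                // finish, so a failed binding would not surface here - confirm against the SDK.
                webSiteClient.WebApps.BeginCreateOrUpdateSiteOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName, s);
            }
        }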
        /// <summary>
        /// Installs the certificate in <paramref name="model"/> on every configured web app: uploads the PFX
        /// when no certificate with the same thumbprint exists in the app's region, then binds the thumbprint
        /// to the matching host names of the site or deployment slot.
        /// </summary>
        /// <param name="model">Supplies the certificate (PFX bytes, password, thumbprint) and the host it was issued for.</param>
        /// <returns>A task that completes once every configured web app has been processed.</returns>
        /// <remarks>
        /// Any exception is logged as critical and rethrown, so a failure on one web app stops the
        /// processing of the remaining ones.
        /// </remarks>
        public async Task Install(ICertificateInstallModel model)
        {
            // Only the thumbprint and host are logged; the PFX bytes and password never reach the logger.
            logger.LogInformation("Starting installation of certificate {Thumbprint} for {Host}", model.CertificateInfo.Certificate.Thumbprint, model.Host);
            var certificateInfo = model.CertificateInfo;

            foreach (var setting in this.settings)
            {
                logger.LogInformation("Installing certificate for web app {WebApp}", setting.WebAppName);
                try
                {
                    IAppServiceManager manager = GetAppServiceManager(setting);
                    var webApp = manager.WebApps.GetByResourceGroup(setting.ResourceGroupName, setting.WebAppName);

                    // Work against the deployment slot when one is configured, otherwise the site itself.
                    bool targetsSlot = !string.IsNullOrEmpty(setting.SiteSlotName);
                    IWebAppBase target = webApp;
                    if (targetsSlot)
                    {
                        target = webApp.DeploymentSlots.GetByName(setting.SiteSlotName);
                    }

                    // Certificates live in the service plan's resource group when one is configured.
                    var certificateResourceGroup = setting.ServicePlanResourceGroupName ?? setting.ResourceGroupName;
                    var certsInGroup = await manager.AppServiceCertificates.ListByResourceGroupAsync(certificateResourceGroup);

                    // Upload only if no certificate in the app's region already carries this thumbprint.
                    bool alreadyUploaded = certsInGroup.Any(c => c.RegionName == webApp.RegionName && c.Thumbprint == certificateInfo.Certificate.Thumbprint);
                    if (!alreadyUploaded)
                    {
                        await manager.AppServiceCertificates
                            .Define($"{certificateInfo.Certificate.Thumbprint}-{model.Host}-{webApp.RegionName}")
                            .WithRegion(webApp.RegionName)
                            .WithExistingResourceGroup(certificateResourceGroup)
                            .WithPfxByteArray(model.CertificateInfo.PfxCertificate)
                            .WithPfxPassword(model.CertificateInfo.Password)
                            .CreateAsync();
                    }

                    // NOTE(review): this is a substring match, so a host name that merely contains
                    // model.Host is selected as well and receives the binding - confirm that every
                    // match is meant to be covered by this certificate.
                    var matchingStates = target.HostNameSslStates
                        .Where(_ => _.Key.Contains($"{model.Host}"))
                        .ToList();

                    foreach (var entry in matchingStates)
                    {
                        string hostName = entry.Value.Name;

                        // Host names that already point at this certificate need no new binding.
                        if (entry.Value.Thumbprint != certificateInfo.Certificate.Thumbprint)
                        {
                            logger.LogInformation("Binding certificate {Thumbprint} to {Host}", model.CertificateInfo.Certificate.Thumbprint, hostName);
                            var binding = new HostNameBindingInner()
                            {
                                SslState = setting.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled,
                                Thumbprint = model.CertificateInfo.Certificate.Thumbprint
                            };

                            if (targetsSlot)
                            {
                                await manager.Inner.WebApps.CreateOrUpdateHostNameBindingSlotAsync(setting.ResourceGroupName, setting.WebAppName, hostName, binding, setting.SiteSlotName);
                            }
                            else
                            {
                                await manager.Inner.WebApps.CreateOrUpdateHostNameBindingAsync(setting.ResourceGroupName, setting.WebAppName, hostName, binding);
                            }
                        }
                    }
                }
                catch (Exception e)
                {
                    logger.LogCritical(e, "Unable to install certificate for '{WebApp}'", setting.WebAppName);
                    throw;
                }
            }
        }
 /// <summary>
 /// Certificate installation is not implemented here.
 /// </summary>
 /// <param name="model">Ignored.</param>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public void Install(ICertificateInstallModel model) =>
     throw new NotImplementedException();
 /// <summary>
 /// No-op installer: installs nothing and reports completion immediately.
 /// </summary>
 /// <param name="model">Ignored.</param>
 /// <returns>An already completed task. A caller cannot tell from it that no certificate was installed.</returns>
 public Task Install(ICertificateInstallModel model) => Task.CompletedTask;