/// <summary>
/// Decides whether a brand-new certificate has to be requested (true) or whether the
/// Let's Encrypt certificates already bound to the web app can simply be renewed (false).
/// </summary>
/// <param name="renewalParams">Renewal settings; a non-positive RenewXNumberOfDaysBeforeExpiration forces the add path.</param>
/// <param name="webAppEnvironment">Azure web app whose Let's Encrypt host names are looked up.</param>
/// <param name="acmeConfig">ACME configuration whose Hostnames must all be covered by an existing certificate.</param>
/// <param name="staging">Whether the Let's Encrypt staging environment is in use; passed to the lookup and logged.</param>
/// <returns>True when at least one configured host name has no Let's Encrypt certificate yet, false when all are covered.</returns>
private static async Task<bool> CheckCertAddition(RenewalParameters renewalParams, AzureWebAppEnvironment webAppEnvironment, AcmeConfig acmeConfig, bool staging)
{
    // Renewal-before-expiry was not requested at all: the caller always adds a certificate.
    var forceAdd = renewalParams.RenewXNumberOfDaysBeforeExpiration <= 0;
    if (forceAdd)
    {
        return true;
    }

    var boundHostNames = await CertificateHelper.GetLetsEncryptHostNames(webAppEnvironment, staging).ConfigureAwait(false);
    Trace.TraceInformation("Let's Encrypt host names (staging: {0}): {1}", staging, string.Join(", ", boundHostNames));

    // Host names are matched case-insensitively; DNS names are not case-sensitive.
    string[] uncoveredHostNames = acmeConfig.Hostnames
        .Except(boundHostNames, StringComparer.OrdinalIgnoreCase)
        .ToArray();

    if (uncoveredHostNames.Length == 0)
    {
        Trace.TraceInformation("All host names associated with Let's Encrypt certificates, will perform cert renewal");
        return false;
    }

    Trace.TraceInformation(
        "Detected host name(s) with no associated Let's Encrypt certificates, will add a new certificate: {0}",
        string.Join(", ", uncoveredHostNames));
    return true;
}
/// <summary>
/// Wires up a <see cref="LetsencryptService"/> that answers the ACME challenge through an Azure DNS
/// record set and installs the resulting certificate on a single Azure web app.
/// </summary>
/// <param name="renewalParams">Renewal settings; only UseIpBasedSsl is consumed here.</param>
/// <param name="azureDnsEnvironment">Azure DNS zone and record set used for the DNS challenge, plus the credentials for it.</param>
/// <param name="webAppEnvironment">Azure web app that receives the certificate, plus the credentials for it.</param>
/// <returns>A fully constructed service; no remote call is made while building it.</returns>
private static LetsencryptService GetDnsRenewalService(RenewalParameters renewalParams, IAzureDnsEnvironment azureDnsEnvironment, AzureWebAppEnvironment webAppEnvironment)
{
    // DNS side: the challenge record is written into the configured zone/record set.
    var dnsSettings = new AzureDnsSettings(
        azureDnsEnvironment.ResourceGroupName,
        azureDnsEnvironment.ZoneName,
        GetAzureServicePrincipal(azureDnsEnvironment),
        GetAzureSubscription(azureDnsEnvironment),
        azureDnsEnvironment.RelativeRecordSetName);

    // The ACME client keeps no certificate store of its own (NullCertificateStore).
    var acmeClient = new AcmeClient(
        new AzureDnsProvider(dnsSettings),
        new DnsLookupService(new Logger<DnsLookupService>(s_loggerFactory)),
        new NullCertificateStore(),
        new Logger<AcmeClient>(s_loggerFactory));

    var serviceCertificateStore = new NullCertificateStore();

    // Web app side: exactly one target site (optionally a deployment slot).
    var targetSite = new AzureWebAppSettings(
        webAppEnvironment.WebAppName,
        webAppEnvironment.ResourceGroupName,
        GetAzureServicePrincipal(webAppEnvironment),
        GetAzureSubscription(webAppEnvironment),
        webAppEnvironment.SiteSlotName,
        webAppEnvironment.ServicePlanResourceGroupName,
        renewalParams.UseIpBasedSsl);
    var webAppService = new AzureWebAppService(
        new[] { targetSite },
        new Logger<AzureWebAppService>(s_loggerFactory));

    return new LetsencryptService(
        acmeClient,
        serviceCertificateStore,
        webAppService,
        new Logger<LetsencryptService>(s_loggerFactory));
}
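/// <summary>
/// Adds or renews the Let's Encrypt certificate for the web app described by
/// <paramref name="renewalParams"/>, serving the authorization challenge from Azure Storage.
/// When a second ("other") web app is configured, a newly added certificate is installed there too.
/// </summary>
/// <param name="renewalParams">Azure identity, target web app(s), host names, storage and ACME settings.</param>
/// <exception cref="ArgumentNullException"><paramref name="renewalParams"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="renewalParams"/>.Hosts is null or empty (Hosts[0] is the primary certificate name).</exception>
private static async Task RenewCore(RenewalParameters renewalParams)
{
    if (renewalParams == null)
    {
        throw new ArgumentNullException(nameof(renewalParams));
    }

    // Hosts[0] is used as the certificate's primary name below; fail with a clear message instead of an index error.
    if (renewalParams.Hosts == null || !renewalParams.Hosts.Any())
    {
        throw new ArgumentException("At least one host name must be specified", nameof(renewalParams));
    }

    // NOTE(review): this logs RenewalParameters.ToString(); confirm it redacts ClientSecret and StorageConnectionString.
    Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams);
    Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp);

    // 32 bytes from s_randomGenerator, base64-encoded further down, protect the generated PFX.
    var pfxPassData = new byte[32];
    s_randomGenerator.GetBytes(pfxPassData);

    Trace.TraceInformation(
        "Adding SSL cert for '{0}{1}'...",
        renewalParams.WebApp,
        renewalParams.GroupName == null ? string.Empty : $"[{renewalParams.GroupName}]");

    var certServiceSettings = new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl };

    var azureWebAppEnvironment = CreateWebAppEnvironment(
        renewalParams,
        renewalParams.ResourceGroup,
        renewalParams.WebApp,
        renewalParams.SiteSlotName);

    // Optional second web app that receives a copy of a newly added certificate.
    WebAppCertificateService otherWebAppCertificateService = null;
    if (!string.IsNullOrEmpty(renewalParams.OtherWebAppResourceGroup) && !string.IsNullOrEmpty(renewalParams.OtherWebApp))
    {
        var otherAzureWebAppEnvironment = CreateWebAppEnvironment(
            renewalParams,
            renewalParams.OtherWebAppResourceGroup,
            renewalParams.OtherWebApp,
            renewalParams.OtherSlotName);
        otherWebAppCertificateService = new WebAppCertificateService(otherAzureWebAppEnvironment, certServiceSettings);
    }

    var azureStorageEnvironment = new AzureStorageEnvironment(
        renewalParams.TenantId,
        renewalParams.SubscriptionId,
        renewalParams.ClientId,
        renewalParams.ClientSecret,
        renewalParams.ResourceGroup,
        renewalParams.StorageConnectionString,
        renewalParams.StorageContainer);

    var webAppCertificateService = new WebAppCertificateService(azureWebAppEnvironment, certServiceSettings);

    var manager = new CertificateManager(
        azureWebAppEnvironment,
        new AcmeConfig
        {
            Host = renewalParams.Hosts[0],
            AlternateNames = renewalParams.Hosts.Skip(1).ToList(),
            RegistrationEmail = renewalParams.Email,
            RSAKeyLength = renewalParams.RsaKeyLength,
            PFXPassword = Convert.ToBase64String(pfxPassData),
            BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString()
        },
        webAppCertificateService,
        new AzureStorageFileSystemAuthorizationChallengeProvider(azureStorageEnvironment));

    if (renewalParams.RenewXNumberOfDaysBeforeExpiration > 0)
    {
        // Renewal path: the manager picks the certificates that are within the expiry window.
        // NOTE(review): unlike the add path, nothing is installed on the "other" web app and no expired
        // certificates are removed here — confirm that is intended.
        await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration);
    }
    else
    {
        var res = await manager.AddCertificate();
        webAppCertificateService.RemoveExpired();
        otherWebAppCertificateService?.Install(res);
        otherWebAppCertificateService?.RemoveExpired();
    }

    Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp);
}

/// <summary>
/// Builds the ARM environment for one web app, sharing the tenant/subscription/client credentials and the
/// endpoint overrides (or their defaults) from <paramref name="renewalParams"/>.
/// </summary>
/// <param name="renewalParams">Source of credentials, service plan resource group and endpoint overrides.</param>
/// <param name="resourceGroup">Resource group of the web app.</param>
/// <param name="webApp">Name of the web app.</param>
/// <param name="siteSlotName">Deployment slot of the web app, as given in the parameters.</param>
/// <returns>A new <see cref="AzureWebAppEnvironment"/>; nothing is contacted while building it.</returns>
private static AzureWebAppEnvironment CreateWebAppEnvironment(RenewalParameters renewalParams, string resourceGroup, string webApp, string siteSlotName)
{
    return new AzureWebAppEnvironment(
        renewalParams.TenantId,
        renewalParams.SubscriptionId,
        renewalParams.ClientId,
        renewalParams.ClientSecret,
        resourceGroup,
        webApp,
        renewalParams.ServicePlanResourceGroup,
        siteSlotName)
    {
        AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
        AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
        ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
        TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService)
    };
}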
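/// <summary>
/// Adds or renews the Let's Encrypt certificate for the web app described by
/// <paramref name="renewalParams"/> through the Kudu-based certificate manager. A stopped web app is
/// started for the duration of the operation and stopped again afterwards.
/// </summary>
/// <param name="renewalParams">Azure identity, target web app, web root path, host names and ACME settings.</param>
/// <returns>The number of certificates renewed, or 1 when a new certificate was added, otherwise 0.</returns>
/// <exception cref="ArgumentNullException"><paramref name="renewalParams"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="renewalParams"/>.Hosts is null or empty (Hosts[0] is the primary certificate name).</exception>
/// <exception cref="WebAppException">The web app was stopped and could not be started.</exception>
private async Task<int> RenewCore(RenewalParameters renewalParams)
{
    if (renewalParams == null)
    {
        throw new ArgumentNullException(nameof(renewalParams));
    }

    // Hosts[0] is used as the certificate's primary name below; fail with a clear message instead of an index error.
    if (renewalParams.Hosts == null || !renewalParams.Hosts.Any())
    {
        throw new ArgumentException("At least one host name must be specified", nameof(renewalParams));
    }

    // NOTE(review): this logs RenewalParameters.ToString(); confirm it redacts ClientSecret.
    Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams);
    Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp);

    // 32 bytes from s_randomGenerator, base64-encoded further down, protect the generated PFX.
    var pfxPassData = new byte[32];
    s_randomGenerator.GetBytes(pfxPassData);

    Trace.TraceInformation(
        "Adding SSL cert for '{0}{1}'...",
        renewalParams.WebApp,
        renewalParams.GroupName == null ? string.Empty : $"[{renewalParams.GroupName}]");

    // Kept in an instance field: IsWebAppRunning/StartWebApp/StopWebApp/HasCertificate presumably read it.
    azureEnvironment = new AzureWebAppEnvironment(
        renewalParams.TenantId,
        renewalParams.SubscriptionId,
        renewalParams.ClientId,
        renewalParams.ClientSecret,
        renewalParams.ResourceGroup,
        renewalParams.WebApp,
        renewalParams.ServicePlanResourceGroup,
        renewalParams.SiteSlotName)
    {
        WebRootPath = renewalParams.WebRootPath,
        AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
        AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
        ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
        TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService),
    };

    var manager = CertificateManager.CreateKuduWebAppCertificateManager(
        azureEnvironment,
        new AcmeConfig
        {
            Host = renewalParams.Hosts[0],
            AlternateNames = renewalParams.Hosts.Skip(1).ToList(),
            RegistrationEmail = renewalParams.Email,
            RSAKeyLength = renewalParams.RsaKeyLength,
            PFXPassword = Convert.ToBase64String(pfxPassData),
            BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString(),
        },
        new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl },
        new AuthProviderConfig());

    var certificatesRenewed = 0;

    // NOTE(review): the field keeps referencing the disposed client once this block ends — confirm nothing uses it later.
    using (webSiteClient = await ArmHelper.GetWebSiteManagementClient(azureEnvironment))
    {
        var isWebAppRunning = IsWebAppRunning();
        if (!isWebAppRunning && !await StartWebApp())
        {
            Trace.TraceError("Could not start WebApp '{0}' to renew certificate", renewalParams.WebApp);
            throw new WebAppException(renewalParams.WebApp, "Could not start WebApp");
        }

        try
        {
            if (await HasCertificate())
            {
                var result = await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration);
                certificatesRenewed = result?.Count ?? 0;
            }
            else
            {
                var result = await manager.AddCertificate();
                if (result != null)
                {
                    certificatesRenewed = 1;
                }
            }
        }
        finally
        {
            // A web app we started on the caller's behalf is stopped again even when the renewal throws,
            // so a failed run does not leave it running.
            if (!isWebAppRunning && !await StopWebApp())
            {
                Trace.TraceWarning("Could not stop WebApp '{0}' after renewing certificate", renewalParams.WebApp);
            }
        }
    }

    Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp);
    return certificatesRenewed;
}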
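/// <summary>
/// Adds or renews the Let's Encrypt certificate for the web app described by
/// <paramref name="renewalParams"/>. The authorization challenge is served either through the
/// Kudu-based manager or, when a blob storage account is configured, from blob storage.
/// </summary>
/// <param name="renewalParams">Azure identity, target web app, host names, optional challenge blob account and ACME settings.</param>
/// <exception cref="ArgumentNullException"><paramref name="renewalParams"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="renewalParams"/>.Hosts is null or empty (Hosts[0] is the primary certificate name).</exception>
private static async Task RenewCore(RenewalParameters renewalParams)
{
    if (renewalParams == null)
    {
        throw new ArgumentNullException(nameof(renewalParams));
    }

    // Hosts[0] is used as the certificate's primary name below; fail with a clear message instead of an index error.
    if (renewalParams.Hosts == null || !renewalParams.Hosts.Any())
    {
        throw new ArgumentException("At least one host name must be specified", nameof(renewalParams));
    }

    // NOTE(review): this logs RenewalParameters.ToString(); confirm it redacts ClientSecret and the
    // AuthorizationChallengeBlobStorageAccount value (which is passed to the blob provider as a string below).
    Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams);
    Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp);

    // 32 bytes from s_randomGenerator, base64-encoded further down, protect the generated PFX.
    var pfxPassData = new byte[32];
    s_randomGenerator.GetBytes(pfxPassData);

    Trace.TraceInformation(
        "Adding SSL cert for '{0}{1}'...",
        renewalParams.WebApp,
        renewalParams.GroupName == null ? string.Empty : $"[{renewalParams.GroupName}]");

    // Environment, ACME config and service settings are identical for both challenge modes, so build them once.
    var azureWebAppEnvironment = new AzureWebAppEnvironment(
        renewalParams.TenantId,
        renewalParams.SubscriptionId,
        renewalParams.ClientId,
        renewalParams.ClientSecret,
        renewalParams.ResourceGroup,
        renewalParams.WebApp,
        renewalParams.ServicePlanResourceGroup,
        renewalParams.SiteSlotName)
    {
        AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
        AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
        ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
        TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService)
    };

    var acmeConfig = new AcmeConfig
    {
        Host = renewalParams.Hosts[0],
        AlternateNames = renewalParams.Hosts.Skip(1).ToList(),
        RegistrationEmail = renewalParams.Email,
        RSAKeyLength = renewalParams.RsaKeyLength,
        PFXPassword = Convert.ToBase64String(pfxPassData),
        BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString()
    };

    var certServiceSettings = new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl };

    CertificateManager manager;
    if (renewalParams.AuthorizationChallengeBlobStorageAccount == null)
    {
        // No blob account configured: use the Kudu-based manager (presumably the challenge is served by the web app itself).
        manager = CertificateManager.CreateKuduWebAppCertificateManager(
            azureWebAppEnvironment,
            acmeConfig,
            certServiceSettings,
            new AuthProviderConfig());
    }
    else
    {
        // Blob account configured: the challenge response is published through blob storage instead.
        var blobProvider = new BlobStorageAuthorizationChallengeProvider(renewalParams.AuthorizationChallengeBlobStorageAccount.ToString());
        manager = new CertificateManager(
            azureWebAppEnvironment,
            acmeConfig,
            new WebAppCertificateService(azureWebAppEnvironment, certServiceSettings),
            blobProvider);
    }

    if (renewalParams.RenewXNumberOfDaysBeforeExpiration > 0)
    {
        // Renewal path: the manager picks the certificates that are within the expiry window.
        await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration);
    }
    else
    {
        await manager.AddCertificate();
    }

    Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp);
}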