public static void AddLetsEncrypt(this IServiceCollection services, LetsEncryptOptions options)
{
if (!options.AcceptTermsOfService)
{
throw new Exception("You must accept Let’s Encrypt terms of service");
}
services.Configure <LetsEncryptOptions>(x =>
{
x.EmailAddress = options.EmailAddress;
x.CacheFolder = options.CacheFolder;
x.AccountKey = options.AccountKey;
x.EncryptionPassword = options.EncryptionPassword;
x.DaysBefore = options.DaysBefore;
x.UseStagingServer = options.UseStagingServer;
});
var selector = new CertificateSelector(options);
foreach (var host in options.ConfiguredHosts)
{
var cert = host.FallBackCertificate;
if (host.FallBackCertificate == null && !string.IsNullOrEmpty(options.CacheFolder))
{
var fileName = Path.Combine(options.CacheFolder, host.HostName + ".pfx");
if (File.Exists(fileName))
{
cert = new X509Certificate2(fileName, options.EncryptionPassword);
}
}
selector.Use(host.HostName, cert);
}
ServiceLocator.SetCertificateSelector(selector);
services.AddSingleton <CertificateSelector>(x => selector);
services.AddSingleton <AccountManager>();
services.AddSingleton <HttpChallengeResponseMiddleware>();
services.AddSingleton <IHttpChallengeResponseStore, InMemoryHttpChallengeResponseStore>();
services.AddTransient <IConfigureOptions <KestrelServerOptions>, KestrelOptionsSetup>();
services.AddTransient <CertificateBuilderService>();
services.AddHostedService <CertificateRequestService>();
}
public async Task BuildCertificate(IOrderContext order, string hostName)
{
try
{
var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
var cert = await order.Generate(new CsrInfo
{
CommonName = hostName
}, privateKey);
var pfxBuilder = cert.ToPfx(privateKey);
var pfx = pfxBuilder.Build(hostName, _options.EncryptionPassword);
var x509Cert = new X509Certificate2(pfx, _options.EncryptionPassword);
_certificateSelector.Use(hostName, x509Cert);
if (!string.IsNullOrEmpty(_options.CacheFolder))
{
var fileName = Path.Combine(_options.CacheFolder, hostName + ".pfx");
if (File.Exists(fileName))
{
File.Delete(fileName);
}
File.WriteAllBytes(fileName, pfx);
}
_logger.LogInformation($"New certificate generated for {hostName}");
}
catch (Exception e)
{
_logger.LogError(e.ToString());
throw;
}
}
