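/// <summary>
/// Registers the Let's Encrypt services and seeds the <see cref="CertificateSelector"/> with,
/// for each configured host, either its explicit fallback certificate or a PFX cached by an
/// earlier run.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="options">
/// Settings copied into the options pipeline; <c>AcceptTermsOfService</c> must be <c>true</c>.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="services"/> or <paramref name="options"/> is <c>null</c>.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The Let's Encrypt terms of service have not been accepted.
/// </exception>
public static void AddLetsEncrypt(this IServiceCollection services, LetsEncryptOptions options)
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (options is null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (!options.AcceptTermsOfService)
    {
        // A specific exception type instead of bare Exception; callers that catch Exception still see it.
        throw new InvalidOperationException("You must accept Let’s Encrypt terms of service");
    }

    // Mirror the caller-supplied settings into the options pipeline so injected
    // IOptions<LetsEncryptOptions> consumers see exactly the same values.
    services.Configure<LetsEncryptOptions>(x =>
    {
        x.EmailAddress = options.EmailAddress;
        x.CacheFolder = options.CacheFolder;
        x.AccountKey = options.AccountKey;
        x.EncryptionPassword = options.EncryptionPassword;
        x.DaysBefore = options.DaysBefore;
        x.UseStagingServer = options.UseStagingServer;
    });

    var selector = new CertificateSelector(options);
    foreach (var host in options.ConfiguredHosts)
    {
        // An explicit fallback wins; otherwise fall back to the cached PFX, which may be null.
        // No expiry check happens here — NOTE(review): presumably CertificateRequestService
        // renews a stale cached certificate; confirm.
        var cert = host.FallBackCertificate ?? LoadCachedCertificate(options, host.HostName);
        selector.Use(host.HostName, cert);
    }

    ServiceLocator.SetCertificateSelector(selector);
    services.AddSingleton<CertificateSelector>(x => selector);
    services.AddSingleton<AccountManager>();
    services.AddSingleton<HttpChallengeResponseMiddleware>();
    services.AddSingleton<IHttpChallengeResponseStore, InMemoryHttpChallengeResponseStore>();
    services.AddTransient<IConfigureOptions<KestrelServerOptions>, KestrelOptionsSetup>();
    services.AddTransient<CertificateBuilderService>();
    services.AddHostedService<CertificateRequestService>();
}

/// <summary>
/// Loads <c>&lt;hostName&gt;.pfx</c> from <c>options.CacheFolder</c>, or returns <c>null</c>
/// when no cache folder is configured or the file does not exist.
/// </summary>
/// <param name="options">Settings providing the cache folder and the PFX password.</param>
/// <param name="hostName">Host name used as the cache file name.</param>
/// <returns>The cached certificate, or <c>null</c>.</returns>
private static X509Certificate2 LoadCachedCertificate(LetsEncryptOptions options, string hostName)
{
    if (string.IsNullOrEmpty(options.CacheFolder))
    {
        return null;
    }

    var fileName = Path.Combine(options.CacheFolder, hostName + ".pfx");
    if (!File.Exists(fileName))
    {
        return null;
    }

    // The PFX carries the private key, guarded only by EncryptionPassword;
    // the cache folder should be readable by the service account alone.
    return new X509Certificate2(fileName, options.EncryptionPassword);
}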
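/// <summary>
/// Finalizes the ACME order for <paramref name="hostName"/> with a freshly generated key,
/// installs the resulting certificate in the selector and, when a cache folder is configured,
/// persists it as <c>&lt;hostName&gt;.pfx</c>.
/// </summary>
/// <param name="order">The ACME order to finalize.</param>
/// <param name="hostName">Host name used as the CSR common name and as the cache file name.</param>
/// <exception cref="ArgumentNullException"><paramref name="order"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="hostName"/> is <c>null</c> or empty.</exception>
/// <remarks>
/// Any failure during issuance or caching is logged with the exception attached and rethrown.
/// </remarks>
public async Task BuildCertificate(IOrderContext order, string hostName)
{
    if (order is null)
    {
        throw new ArgumentNullException(nameof(order));
    }

    if (string.IsNullOrEmpty(hostName))
    {
        throw new ArgumentException("A host name is required", nameof(hostName));
    }

    try
    {
        // A new ES256 key per issuance; it leaves this process only inside the PFX below.
        var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
        var cert = await order.Generate(new CsrInfo { CommonName = hostName }, privateKey);
        var pfx = cert.ToPfx(privateKey).Build(hostName, _options.EncryptionPassword);

        var x509Cert = new X509Certificate2(pfx, _options.EncryptionPassword);
        _certificateSelector.Use(hostName, x509Cert);

        if (!string.IsNullOrEmpty(_options.CacheFolder))
        {
            // hostName is assumed to be a configured host, not untrusted input — confirm at the caller,
            // since it is used verbatim as a file name.
            var fileName = Path.Combine(_options.CacheFolder, hostName + ".pfx");

            // The PFX holds the private key, protected only by EncryptionPassword;
            // NOTE(review): with an empty password the key is readable to anyone with file
            // access — confirm the folder ACL. WriteAllBytes overwrites, so no prior Delete is needed.
            File.WriteAllBytes(fileName, pfx);
        }

        _logger.LogInformation("New certificate generated for {HostName}", hostName);
    }
    catch (Exception e)
    {
        // Pass the exception object so the log keeps the structured exception; `throw;` keeps the stack trace.
        _logger.LogError(e, "Certificate generation failed for {HostName}", hostName);
        throw;
    }
}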