public string[] GetCertificatesAboutToExpire()
{
var certs = _store.ToArray();
var result = new List <string>();
foreach (var cert in certs)
{
bool mustRequest;
if (cert.Value == null)
{
mustRequest = true;
}
else
{
mustRequest = !_certificateValidator.IsCertificateValid(_named, cert.Value);
}
if (mustRequest)
{
result.Add(cert.Key);
}
}
return(result.ToArray());
}
public async Task <CertificateRenewalResult> RenewCertificateIfNeeded(IAbstractCertificate current = null)
{
_logger.LogInformation("Checking to see if in-memory LetsEncrypt certificate needs renewal.");
if (_certificateValidator.IsCertificateValid(current))
{
_logger.LogInformation("Current in-memory LetsEncrypt certificate is valid.");
return(new CertificateRenewalResult(current, CertificateRenewalStatus.Unchanged));
}
_logger.LogInformation("Checking to see if existing LetsEncrypt certificate has been persisted and is valid.");
var persistedSiteCertificate = await _persistenceService.GetPersistedSiteCertificateAsync();
if (_certificateValidator.IsCertificateValid(persistedSiteCertificate))
{
_logger.LogInformation("A persisted non-expired LetsEncrypt certificate was found and will be used: {Thumbprint}", persistedSiteCertificate.Thumbprint);
return(new CertificateRenewalResult(persistedSiteCertificate, CertificateRenewalStatus.LoadedFromStore));
}
_logger.LogInformation("No valid certificate was found. Requesting new certificate from LetsEncrypt.");
var newCertificate = await RequestNewLetsEncryptCertificate();
return(new CertificateRenewalResult(newCertificate, CertificateRenewalStatus.Renewed));
}
public async Task StartAsync(CancellationToken cancellationToken)
{
if (!(_server is KestrelServer))
{
var serverType = _server.GetType().FullName;
_logger.LogWarning("LetsEncrypt can only be used with Kestrel and is not supported on {serverType} servers. Skipping certificate provisioning.", serverType);
await Task.CompletedTask;
}
if (_config.GetValue <bool>("UseIISIntegration"))
{
_logger.LogWarning("LetsEncrypt does not work with apps hosting in IIS. IIS does not allow for dynamic HTTPS certificate binding, " +
"so if you want to use Let's Encrypt, you'll need to use a different tool to do so.");
await Task.CompletedTask;
}
var devCerts = _developmentCertificate.GetCertificates();
if (devCerts.Any())
{
devCerts.ToList().ForEach(c => _certificateSelector.Add(c));
}
foreach (var domainName in _accountOptions.Domains)
{
foreach (var store in _stores.Where(x => x.Configured))
{
var cert = await store.LoadAsync(
domainName,
_certificateOptions?.CertificatePassword ?? string.Empty,
cancellationToken);
if (!_certificateValidator.IsCertificateValid(store.NamedOption, cert))
{
#pragma warning disable CA2008 // Do not create tasks without passing a TaskScheduler
#pragma warning disable CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
Task.Factory.StartNew(async() =>
{
const string ErrorMessage = "Failed to create certificate";
try
{
await CreateAcmeOrder(domainName, store, cancellationToken);
}
catch (AggregateException ex) when(ex.InnerException != null)
{
_logger.LogError(0, ex.InnerException, ErrorMessage);
}
catch (Exception ex)
{
_logger.LogError(0, ex, ErrorMessage);
}
});
#pragma warning restore CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
#pragma warning restore CA2008 // Do not create tasks without passing a TaskScheduler
}
else
{
_certificateSelector.Add(cert !);
}
}
}
}
