Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Now that "LetsEncryptRenewalService.Certificate" is internal, how do you get the cert for ServerCertificateSelector? #124

Open
zigszigsdk opened this issue Aug 28, 2020 · 4 comments
Open

Now that "LetsEncryptRenewalService.Certificate" is internal, how do you get the cert for ServerCertificateSelector? #124

zigszigsdk opened this issue Aug 28, 2020 · 4 comments

Comments

@zigszigsdk
Copy link
Contributor

zigszigsdk commented Aug 28, 2020
edited
Loading

I have the following code running an older version of what was then called LetsEncrypt:

        private static void ConfigureWebHostForHttpAndHttps(IWebHostBuilder webHostBuilder, StandardConfiguration standardConfiguration)
        {
            webHostBuilder.UseUrls($"http://0.0.0.0:{standardConfiguration.Http.HttpPort}", $"https://0.0.0.0:{standardConfiguration.Http.HttpsPort}");
            webHostBuilder.UseKestrel(kestrelOptions =>
                kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
                {
                    httpsOptions.ServerCertificateSelector = SslCertificateSelector;
                    httpsOptions.SslProtocols = sslProtocols;
                    httpsOptions.OnAuthenticate = SslOptionConfigurer;
                }));
        }

        private static X509Certificate2 SslCertificateSelector(ConnectionContext c, string s) => 
            LetsEncryptRenewalService.Certificate;

I want to update to a newer version of EncryptWeMust, however the above Certificate on LetsEncryptRenewalService was marked as internal in this commit.

How do I fetch the certificate now?

Edit: I suppose I could be naughty and get it with reflection, but I'd rather do it the right way.
@ffMathy
Copy link
Owner

ffMathy commented Aug 28, 2020

You simply shouldn't have to. That step is no longer required.

@zigszigsdk
Copy link
Contributor Author

zigszigsdk commented Aug 28, 2020
edited
Loading

Does this mean that if I still call ConfigureHttpsDefaults but without setting a ServerCertificateSelector, it would still work? In other words, the call to ConfigureHttpsDefaults for other reasons will not collide with providing the cert?

        private static void ConfigureWebHostForHttpAndHttps(IWebHostBuilder webHostBuilder, StandardConfiguration standardConfiguration)
        {
            webHostBuilder.UseUrls($"http://0.0.0.0:{standardConfiguration.Http.HttpPort}", $"https://0.0.0.0:{standardConfiguration.Http.HttpsPort}");
            webHostBuilder.UseKestrel(kestrelOptions =>
                kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
                {
                    httpsOptions.SslProtocols = sslProtocols;
                    httpsOptions.OnAuthenticate = SslOptionConfigurer;
                }));
        }

@ffMathy
Copy link
Owner

ffMathy commented Sep 8, 2020

Yes, fairly certain about that 👍 let me know how it goes.

@Viir
Copy link

Viir commented Mar 22, 2024

This document from Microsoft seems related: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0

https://github.com/dotnet/AspNetCore.Docs/blob/c73d571a0a892aaa2723bfcb118348abfa22024d/aspnetcore/fundamentals/servers/kestrel/endpoints.md?plain=1#L395

It also says:

Calling ConfigureHttpsDefaults multiple times replaces prior Action instances with the last Action specified.

Viir added a commit to pine-vm/pine that referenced this issue Mar 22, 2024
@Viir
Remove ConfigureHttpsDefaults to avoid collision with FluffySpoon.Asp…
877c369 
…Net.EncryptWeMust

The library we use for LetsEncrypt invokes 'ConfigureHttpsDefaults' at https://github.com/ffMathy/FluffySpoon.AspNet.EncryptWeMust/blob/6f6ac68cad178abadb5838edc8b29274d72d3519/src/FluffySpoon.AspNet.EncryptWeMust/KestrelOptionsSetup.cs#L22-L25
Also see <https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0>
An excerpt from the documentation from Microsoft:
> Calling ConfigureHttpsDefaults multiple times replaces prior Action instances with the last Action specified.

Related discussion at <ffMathy/FluffySpoon.AspNet.EncryptWeMust#124 (comment)>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zigszigsdk @ffMathy @Viir