Generate and use certificates automatically in .net (ASP/Blazor etc.)

This post covers setting up and using LettuceEncrypt to generate and use Let's Encrypt certificates automatically in a C# (.NET) application.

Kim
3 min readJun 6, 2023
Photo by Amol Tyagi on Unsplash

Some time ago I had the urge to create a URL-shortening service, not to actually create something profitable out of it but to say "look at me, I have my own URL shortener".

And so I began to bring this little project to life. For it I wanted to use Blazor, since I fell in love with Blazor (Server) a long while ago, when I first got in touch with it.

Creating the application using Blazor and SQLite was great, but I spent many hours finding a way to use a domain with Blazor in order to enable HTTPS for the application. Creating and installing a certificate to enable HTTPS with a domain name shouldn't be that hard, right? "But it was going to be a hard task", that's what I would have said if I hadn't found out about LettuceEncrypt (GitHub). Using this library, I can verify domain ownership, generate a Let's Encrypt certificate and install it for use with my domain in 10–14 lines of code.

Of course, the domain you want to use with the application has to point to the server the application is running on, so that the application (LettuceEncrypt) can prove ownership of the domain.

The DNS entries as an example:

How I set up my DNS in the Cloudflare dashboard

It is important to note that "ASP.NET Core with Kestrel Behind a Reverse Proxy is NOT supported". In practice this means you have to configure Cloudflare (or any other provider) to use "DNS only". That is needed because the connections must not be proxied before reaching the application: the application has to handle the connection itself, not Cloudflare.

But now, how to use LettuceEncrypt?

It's simple, just

  • register the LettuceEncrypt services in your Program.cs:

    builder.Services.AddLettuceEncrypt();

  • configure the application to use Kestrel using UseKestrel(), and inside of it configure the ports and enable LettuceEncrypt like so:

    using System.Net; // for IPAddress

    builder.WebHost.UseKestrel(k =>
    {
        // the service provider lets the HTTPS listener fetch the certificate LettuceEncrypt manages
        IServiceProvider appServices = k.ApplicationServices;
        k.Listen(
            IPAddress.Any, 443,
            o => o.UseHttps(h =>
            {
                h.UseLettuceEncrypt(appServices);
            }));
    });

  • and lastly, add a small section to the appsettings.json of your application; you need something like this (depending on your needs):

    "LettuceEncrypt": {
        // Set this to automatically accept the terms of service of your certificate authority.
        // If you don't set this in config, you will need to press "y" whenever the application starts
        "AcceptTermsOfService": true,

        // You must specify at least one domain name
        "DomainNames": [ "yourdomainname.topleveldomain", "www.yourdomainname.topleveldomain" ],

        // You must specify an email address to register with the certificate authority
        "EmailAddress": "YourMail@ThatIsImportant.tld"
    }
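As an added example (not code from this post or from the LettuceEncrypt project), here are the three steps above combined into one Program.cs, with a plain-HTTP listener on port 80 beside the HTTPS one and a start-up check that every name in DomainNames actually resolves, since the DNS requirement is the part that fails silently. Assumptions: AddLettuceEncrypt() binds the "LettuceEncrypt" section shown above, port 80 is where LettuceEncrypt answers the ACME HTTP-01 challenge by default (check the README), and the DNS check is my own addition that only proves the names resolve, not that they point at this server.

```csharp
using System.Net;
using System.Net.Sockets;
using Microsoft.Extensions.Configuration;

var builder = WebApplication.CreateBuilder(args);

// Step 1: register LettuceEncrypt. Options come from the "LettuceEncrypt" section of appsettings.json.
builder.Services.AddLettuceEncrypt();
builder.Services.AddHttpsRedirection(o => o.HttpsPort = 443);

// Step 2: Kestrel terminates TLS itself. No reverse proxy (and no Cloudflare proxying) in front of it.
builder.WebHost.UseKestrel(k =>
{
    IServiceProvider appServices = k.ApplicationServices;
    k.Listen(IPAddress.Any, 80);   // plain HTTP: ACME HTTP-01 challenge (assumed default) and redirects
    k.Listen(IPAddress.Any, 443, o => o.UseHttps(h => h.UseLettuceEncrypt(appServices)));
});

var app = builder.Build();

// Step 3 sanity check (my addition): every name in DomainNames must resolve, otherwise the CA
// can never reach this host for validation. Logged rather than fatal so the app still starts.
var domains = app.Configuration.GetSection("LettuceEncrypt:DomainNames").Get<string[]>()
              ?? Array.Empty<string>();
if (domains.Length == 0)
    app.Logger.LogError("LettuceEncrypt:DomainNames is empty; no certificate will be requested");

foreach (var domain in domains)
{
    try
    {
        var addresses = await Dns.GetHostAddressesAsync(domain);
        app.Logger.LogInformation("{Domain} resolves to {Addresses}; this must be this server's public IP",
            domain, string.Join(", ", addresses.Select(a => a.ToString())));
    }
    catch (SocketException ex)
    {
        app.Logger.LogError(ex, "{Domain} does not resolve; fix the DNS record before expecting a certificate", domain);
    }
}

if (!app.Environment.IsDevelopment())
    app.UseHsts();
app.UseHttpsRedirection();
app.MapGet("/", () => "Hello over HTTPS");

app.Run();
```

Run it once with the DNS record deliberately missing and you will see the error line before any ACME activity, which is far quicker than waiting for the certificate request to time out.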

There are a few other ways to use LettuceEncrypt; you can see them all in the README of the project: https://github.com/natemcmaster/LettuceEncrypt/blob/main/README.md

If you're interested in seeing what it can look like, just visit my shortener: (removed)

Please be aware of the note the creator of LettuceEncrypt added to the project a while ago when considering whether to use LettuceEncrypt; nonetheless it works perfectly as it should:

This project is in maintenance mode. I lost interest in developing features. I will make a patch if there is a security issue. I’ll also consider an update if a new .NET major version breaks and the patch fix required is small. Please see https://github.com/natemcmaster/LettuceEncrypt/security/policy if you wish to report a security concern.

I hope this short post helped anybody searching for help on this particular topic; I wish I had found LettuceEncrypt a bit earlier. But never mind, I learned something and I think that is the most important thing, right?


Kim

I'm trying to write about things people might need or with which I struggled, to help others. https://kmliebl.de