


MarkCiliaVincenti/TlsCertificateLoader


TlsCertificateLoader


Allows loading of TLS (HTTPS) certificates for .NET 6.0/7.0/8.0/9.0 Kestrel web applications, allowing for refreshing of certificates as well as compatibility with HTTP/3. Fully compatible with certificates obtained by Certbot (see sample project without middleware or see sample project using middleware).

Installation

The recommended way to install is via NuGet, but you can also download the source code from here.

Usage without middleware

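// `options` is the KestrelServerOptions instance passed to ConfigureKestrel.
TlsCertificateLoader.TlsCertificateLoader tlsCertificateLoader = new(fullChainPemFilePath, privateKeyPemFilePath);
options.ListenAnyIP(443, o =>
{
     // Register the loader for both the TLS handshake callback and the HTTPS connection adapter.
     o.SetTlsHandshakeCallbackOptions(tlsCertificateLoader);
     o.SetHttpsConnectionAdapterOptions(tlsCertificateLoader);
     o.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});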

To refresh the default certificates (e.g., on a Timer or by watching a directory via PhysicalFileProvider):

tlsCertificateLoader.RefreshDefaultCertificates();
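One way to wire up the directory-watching option mentioned above, as an added example that is not taken from this project or its samples. The class name `CertificateDirectoryWatcher`, its parameters and the quiet-period debounce are assumptions; only the `TlsCertificateLoader` constructor and `RefreshDefaultCertificates()` come from this page.

```csharp
using System;
using System.Threading;
using Microsoft.Extensions.FileProviders;
using Microsoft.Extensions.Primitives;

// Hypothetical helper (not part of TlsCertificateLoader): reloads the default
// certificate once the PEM files in a directory have stopped changing.
public sealed class CertificateDirectoryWatcher : IDisposable
{
    private readonly PhysicalFileProvider _provider;
    private readonly IDisposable _registration;
    private readonly Timer _debounce;

    public CertificateDirectoryWatcher(
        TlsCertificateLoader.TlsCertificateLoader loader,
        string certificateDirectory, // assumed: directory holding both PEM files
        TimeSpan quietPeriod)        // assumed: e.g. TimeSpan.FromSeconds(10)
    {
        // Poll instead of relying on OS change notifications: Certbot's live/
        // directory holds symlinks, and notifications are not reliably raised
        // when a symlink's target changes.
        _provider = new PhysicalFileProvider(certificateDirectory)
        {
            UsePollingFileWatcher = true,
            UseActivePolling = true
        };
        // A renewal rewrites the chain and the key as separate files. Waiting
        // for a quiet period avoids pairing a new chain with the old key.
        _debounce = new Timer(_ =>
        {
            try { loader.RefreshDefaultCertificates(); }
            catch (Exception ex)
            {
                // Surface failed reloads so an expiring certificate is noticed.
                Console.Error.WriteLine($"TLS certificate refresh failed: {ex}");
            }
        });
        // OnChange re-subscribes after every change; each change restarts the timer.
        _registration = ChangeToken.OnChange(
            () => _provider.Watch("*.pem"),
            () => _debounce.Change(quietPeriod, Timeout.InfiniteTimeSpan));
    }

    public void Dispose()
    {
        _registration.Dispose();
        _debounce.Dispose();
        _provider.Dispose();
    }
}
```

Keep the watcher instance alive for the lifetime of the application, for example by registering it as a singleton, so the change registration is not disposed.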

You may also add additional certificate collections for other hostnames (for example, if you want to set up mydomain.tld as your default certificate and www.mydomain.tld as your alternate one):

tlsCertificateLoader.AddAdditionalCertificates("www.mydomain.tld", fullChainWwwPemFilePath, privateKeyWwwPemFilePath);

To refresh additional certificate collections (e.g., on a Timer or by watching a directory via PhysicalFileProvider):

tlsCertificateLoader.RefreshAdditionalCertificates("www.mydomain.tld");

A sample project using Certbot is available.

Usage with Certbot middleware

Refer to the sample project that uses Certbot with middleware.

Credits

David Fowler for this idea.