ebekker / ACMESharp

An ACME client library and PowerShell client for the .NET platform (Let's Encrypt)
https://pkisharp.github.io/ACMESharp-docs/

Possible to use with Kestrel? #375

Closed AraHaan closed 4 years ago

AraHaan commented 4 years ago

So I use ASP.NET Core 3.1, and I would like to be able to have my API automatically check if the cert expires before issuing a new one to replace it.

Think this is possible?

ebekker commented 4 years ago

So you want to test to see if a cert is already expired? Is that the challenge, inspecting the expiration date of the currently installed cert?

AraHaan commented 4 years ago

That and issuing a new one automatically to be used with Kestrel automatically without needing to restart it.

ebekker commented 4 years ago

Yes, it's quite possible, but you would probably be more interested in the spin-off project ACMESharpCore, which is a .NET Standard-based version of an ACME client, and specifically the Kestrel example that shows you how to do what you're asking about.

The secret sauce is mostly in this IHostedService which handles the ACME interactions for obtaining certificates for the requested domain names.

Additionally, you need to configure a custom service selector -- this delegates control of what certificate Kestrel uses for each connection to your own custom code logic. And with that you can select any one of the previously available certificates (already issued by LE via the IHostedService) or any future certs that will be issued to replace expiring certs. This is all dynamic so it would not require a restart of the Kestrel server to update a cert.
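The pattern described in the last comment, as an added sketch for ASP.NET Core 3.1 (not code from this thread or from the ACMESharpCore example): a hosted service swaps the certificate in a shared holder, and Kestrel's `ServerCertificateSelector` reads it on each handshake. `CertificateHolder`, `ICertificateIssuer` and `RenewalService` are hypothetical names, the ACME exchange itself is left behind the `ICertificateIssuer` interface, and the 30-day margin and 12-hour check interval are assumed values.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

// Hypothetical holder shared by the renewal service and Kestrel's selector.
public sealed class CertificateHolder
{
    private volatile X509Certificate2 _current;
    public X509Certificate2 Current { get => _current; set => _current = value; }
    public bool NeedsRenewal(TimeSpan margin) => // NotAfter is expressed in local time
        _current == null || DateTime.Now + margin >= _current.NotAfter;
}

// Hypothetical seam: implement it with the ACME client of your choice.
public interface ICertificateIssuer { Task<X509Certificate2> IssueAsync(CancellationToken ct); }
public sealed class RenewalService : BackgroundService
{
    private readonly CertificateHolder _holder;
    private readonly ICertificateIssuer _issuer;
    public RenewalService(CertificateHolder h, ICertificateIssuer i) { _holder = h; _issuer = i; }
    protected override async Task ExecuteAsync(CancellationToken ct)
    {
        while (!ct.IsCancellationRequested)
        {
            try { if (_holder.NeedsRenewal(TimeSpan.FromDays(30))) _holder.Current = await _issuer.IssueAsync(ct); }
            catch (Exception) when (!ct.IsCancellationRequested) { /* keep the current cert; retry next pass */ }
            await Task.Delay(TimeSpan.FromHours(12), ct);
        }
    }
}

public static class Program
{
    public static void Main(string[] args) => Host.CreateDefaultBuilder(args)
        // Also register your ICertificateIssuer implementation here.
        .ConfigureServices(s => s.AddSingleton<CertificateHolder>().AddHostedService<RenewalService>())
        .ConfigureWebHostDefaults(web => web
            .ConfigureKestrel(k => k.ConfigureHttpsDefaults(https =>
                // Runs per TLS handshake; Current is null until the first issuance completes.
                https.ServerCertificateSelector = (conn, sniName) =>
                    k.ApplicationServices.GetRequiredService<CertificateHolder>().Current))
            .Configure(app => app.Run(ctx => ctx.Response.WriteAsync("ok"))))
        .Build().Run();
}
```

Because the selector reads the holder on every new connection, a renewed certificate takes effect without restarting Kestrel; connections already established keep the certificate they negotiated.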