Webprofusion.Certes

Release 2.3.7

A client implementation for the Automated Certificate Management Environment (ACME) protocol. This package is a fork of the excellent https://github.com/fszlin/certes project with updated packaging and feature updates. Used by https://certifytheweb.com

Homepage NuGet C# Download

Keywords
Certes, letsencrypt, ACME, HTTPS, SSL, Certificate, dotnettool, dotnet
License
MIT
Install
Install-Package Webprofusion.Certes -Version 2.3.7

Documentation

Anvil

The project is a fork of https://github.com/fszlin/certes with packaging updates, feature updates and experimental extensions.

This library is an ACME client implementation primarily used by https://certifytheweb.com and is subject to changes required by that application.

Extended Features:

  • ACME ARI (renewal info)
  • Certificate chain build does not require installed/embedded root cert
  • Optional use of modern PFX cert/key algorithms for OpenSSL 3.x+ compatibility
  • Authority token challenges, tkauth-01 and TnAuthList

Account

Creating new ACME account:

var acme = new AcmeContext(WellKnownServers.LetsEncryptStagingV2);
var account = await acme.NewAccount("admin@example.com", true);

// Save the account key for later use
var pemKey = acme.AccountKey.ToPem();

Use an existing ACME account:

// Load the saved account key
var accountKey = KeyFactory.FromPem(pemKey);
var acme = new AcmeContext(WellKnownServers.LetsEncryptStagingV2, accountKey);
var account = await acme.Account();

See API doc for additional operations.

Order

Place a wildcard certificate order (DNS validation is required for wildcard certificates)

var order = await acme.NewOrder(new[] { "*.your.domain.name" });

Generate the value for DNS TXT record

var authz = (await order.Authorizations()).First();
var dnsChallenge = await authz.Dns();
var dnsTxt = acme.AccountKey.DnsTxt(dnsChallenge.Token);

Add a DNS TXT record to _acme-challenge.your.domain.name with dnsTxt value.

For non-wildcard certificate, HTTP challenge is also available

var order = await acme.NewOrder(new[] { "your.domain.name" });

Authorization

Get the token and key authorization string

var authz = (await order.Authorizations()).First();
var httpChallenge = await authz.Http();
var keyAuthz = httpChallenge.KeyAuthz;

Save the key authorization string in a text file, and upload it to http://your.domain.name/.well-known/acme-challenge/<token>

Validate

Ask the ACME server to validate our domain ownership

await challenge.Validate();

Certificate

Download the certificate once validation is done

var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
var cert = await order.Generate(new CsrInfo
{
    CommonName = "your.domain.name",
}, privateKey);

Export full chain certification

var certPem = cert.ToPem();

Export PFX

var pfxBuilder = cert.ToPfx(privateKey);
var pfx = pfxBuilder.Build("my-cert", "abcd1234");

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
8
Latest release
First release
Stars
20
Forks
3
Watchers
5
Contributors
19
Repository size
1.74 MB
SourceRank
10

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.4.1
2.4.0
2.3.9
2.3.8
2.3.7
2.3.6
2.3.5
2.4.2

Contributors

Eddie Lin Christopher Cook Eric silentbob Patric Forsgard zr-ari Levi Carter Guillaume Raymond BI7PRK popony David Pendray Nitin Agarwal Ricky Nate McMaster Xaver Schulz Jeffrey Verbeek campersau Grzegorz Margol Simon Hoade


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-06-09 01:40:09 UTC

Login to resync this project