Let's Encrypt is a free, automated, and open Certificate Authority. This project provides API for ASP.NET Core projects to use Let's Encrypt.
When enabled, your web server will use the Let's Encrypt certificate authority and automatically generate an HTTPS certificate when the server starts up. It then configures Kestrel to use this certificate for all HTTPs traffic.
⚠️ This only works with Kestrel, which is the default server configuration for ASP.NET Core projects. Other servers, such as IIS and nginx, are not supported.
☁️ Azure App Services (aka WebApps) are not supported with this package. You can still get free Let's Encrypt certificates, but it requires a different configuration method. See "Securing An Azure App Service with Let's Encrypt" by Scott Hanselman for more details.
Install this package into your project using NuGet (see details here).
The primary API usage is to call IServiceCollection.AddLetsEncrypt
in the Startup
class ConfigureServices
method.
using Microsoft.Extensions.DependencyInjection;
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddLetsEncrypt();
}
}
A few required options should be set, typically via the appsettings.json file.
// appsettings.json
{
"LetsEncrypt": {
// Set this to automatically accept Let's Encrypt's terms of service.
// If you don't set this in config, you will need to press "y" whenever the application starts
"AcceptTermsOfService": true,
// You must at least one domain name
"DomainNames": [ "example.com", "www.example.com" ],
// You must specify an email address to register with letsencrypt.org
"EmailAddress": "it-admin@example.com"
}
}
See the developer docs for details on how to test Let's Encrypt in a non-production environment.