
azureletsencrypt's Introduction

AzureLetsEncrypt

A simple tool to add a Let's Encrypt SSL certificate to your websites. This application is a .NET Core tool that generates an SSL certificate, validates it with Let's Encrypt and publishes it to an Azure Web App.

The detailed steps to create an SSL certificate and validate it with the Let's Encrypt Certificate Authority are described in my blog: https://dvoituron.com/2018/01/29/ssl-certification-azure-letsencrypt. This tool automates these steps.

How to use AzureLetsEncrypt?

Generate a certificate manually

A two-minute live demo: https://youtu.be/OCKpC1W4Wks

Use the NuGet .NET Tool: https://www.nuget.org/packages/Dvoituron.Tools.AzureLetsEncrypt The procedure steps are here.

Publish automatically to Azure

  1. Download the latest release of AzureLetsEncrypt

  2. Edit the AppSettings.json file with your personal information:

    {
        "azure": {
            "clientId": "[clientId]",
            "clientSecret": "[clientSecret]",
            "tenantId": "[tenantId]",
            "webAppResourceId": "[ResourceID]",
            "resourceGroup": "[ResourceGroup]"
        },
        "certificate": {
            "domains": [
                "mydomain.com",
                "www.mydomain.com"
            ],
            "password": "MyP@ssword"
        }
    }
    • clientId, clientSecret, tenantId: to get these IDs, open a Cloud Shell in the Azure portal and run this command:

      az ad sp create-for-rbac --sdk-auth

      You can also install the Azure CLI on your PC, run az login and then az ad sp create-for-rbac --sdk-auth. The --role and --scopes options of that command let you restrict the service principal to the web app's resource group instead of the whole subscription.

    • webAppResourceId, resourceGroup: in the Azure portal, go to App Services > [Web App] > Properties and copy the Resource ID and Resource Group.

    • domains: list all domains to include in the PFX certificate. Your domains must be accessible (e.g. http://mydomain.com must return web content).

    • password: define a secret password that protects the generated PFX. Keep this password; you will need it to install the PFX file later.

  3. Save the new AppSettings.json file and include it in the release ZIP package.

  4. In the Azure portal, navigate to your Web App Service and select the WebJobs section.

    • Add a new WebJob
    • Define a job name (e.g. RenewSsl)
    • Select your local ZIP file, the one that contains your edited AppSettings.json
    • Define the job type as Triggered
      • Trigger type: Scheduled
      • CRON Expression: 0 0 3 1 * * (the first day of each month, at 3 AM)
    • Save this new job. You can run the job once to validate it, then go to the SSL settings section to check your new SSL certificate.

azureletsencrypt's People

Contributors

dvoituron

azureletsencrypt's Issues

Error while generating new certificate

Hello,
I have an error while generating a new certificate. This is the console output:
    D:\home>md AzureLetsEncrypt

    D:\home>
    D:\home\AzureLetsEncrypt>dotnet AzureLetsEncrypt.dll
    $> Creation of './store' folder
    $> openssl genrsa -out ./store/admin-bezsousedu-cz-private.key 2048
    WARNING: can't open config file: C:/OpenSSL/openssl.cnf
    Loading 'screen' into random state - done
    Generating RSA private key, 2048 bit long modulus
    ....................+++
    ...+++
    e is 65537 (0x10001)

    $> openssl genrsa -out ./store/admin-bezsousedu-cz-account-le.key 4096
    WARNING: can't open config file: C:/OpenSSL/openssl.cnf
    Loading 'screen' into random state - done
    Generating RSA private key, 4096 bit long modulus
    .....................++
    ..............................++
    e is 65537 (0x10001)

    $> Creation of 'D:/home/site/wwwroot.well-known\acme-challenge' folder
    $> le64 --key ./store/admin-bezsousedu-cz-account-le.key --csr ./store/admin-bezsousedu-cz-signing-le.csr --csr-key ./store/admin-bezsousedu-cz-private.key --crt ./store/admin-bezsousedu-cz.crt --domains "admin.bezsousedu.cz" --generate-missing --path D:/home/site/wwwroot.well-known\acme-challenge\ --unlink --live
    2019/12/03 15:02:14 [ ZeroSSL Crypt::LE client v0.32 started. ]
    2019/12/03 15:02:14 Loading an account key from ./store/admin-bezsousedu-cz-account-le.key
    2019/12/03 15:02:14 Generating a new CSR for domains admin.bezsousedu.cz
    2019/12/03 15:02:14 New CSR will be based on './store/admin-bezsousedu-cz-private.key' key
    2019/12/03 15:02:14 Saving a new CSR into ./store/admin-bezsousedu-cz-signing-le.csr
    2019/12/03 15:02:15 Registering the account key
    2019/12/03 15:02:15 Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

    $> Remove the 'D:/home/site/wwwroot.well-known\acme-challenge' folder
    ERROR: GENERATIION FAILED.

Am I doing something wrong? I followed your YouTube tutorial.

Many thanks.

SSL connection failed for acme-v02.api.letsencrypt.org

SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed on generate SSL.

It's my curl response:

    curl -v https://acme-v02.api.letsencrypt.org/directory
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 172.65.32.248:443...
    * Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *  CAfile: D:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
    *  CApath: none
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [19 bytes data]
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [3025 bytes data]
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [264 bytes data]
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    { [52 bytes data]
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [52 bytes data]
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    *  subject: CN=acme-v01.api.letsencrypt.org
    *  start date: Oct 18 20:04:26 2021 GMT
    *  expire date: Jan 16 20:04:25 2022 GMT
    *  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
    *  issuer: C=US; O=Let's Encrypt; CN=R3
    *  SSL certificate verify ok.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    } [5 bytes data]
    * Using Stream ID: 1 (easy handle 0x950360)
    } [5 bytes data]
    > GET /directory HTTP/2
    > Host: acme-v02.api.letsencrypt.org
    > user-agent: curl/7.71.1
    > accept: */*
    >
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [57 bytes data]
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [57 bytes data]
    * old SSL session ID is stale, removing
    { [5 bytes data]
    * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
    } [5 bytes data]
    < HTTP/2 200
    < server: nginx
    < date: Thu, 21 Oct 2021 06:22:58 GMT
    < content-type: application/json
    < content-length: 658
    < cache-control: public, max-age=0, no-cache
    < x-frame-options: DENY
    < strict-transport-security: max-age=604800
    <
    { [658 bytes data]
    100   658  100   658    0     0   3500      0 --:--:-- --:--:-- --:--:--  3655{
      "W0X5metR8HE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }
    * Connection #0 to host acme-v02.api.letsencrypt.org left intact

Any way to fix this error?
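Added example, not part of AzureLetsEncrypt: a Python preflight that checks the AppSettings.json from step 2 of the README before it is zipped into the WebJob, and checks the ACME endpoint for the two failure modes reported in the issues above (an ACMEv1-only client, and a TLS trust failure against acme-v02.api.letsencrypt.org). All function and constant names are hypothetical, the sample settings are constructed, and fetch_directory needs network access, so it is only called from the __main__ guard.

```python
import json
import re
import ssl
import urllib.request
# Hypothetical preflight helpers (added example, not part of AzureLetsEncrypt).
PLACEHOLDER = re.compile(r"^\[.*\]$")   # "[clientId]" etc. left unedited in the template
AZURE_KEYS = ("clientId", "clientSecret", "tenantId", "webAppResourceId", "resourceGroup")
HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")   # bare host name, no scheme or path

def check_settings(text):
    """Return the problems found in an AppSettings.json document (empty list = OK)."""
    try:
        cfg = json.loads(text)   # a trailing comma in the template is the usual failure here
    except json.JSONDecodeError as e:
        return [f"invalid JSON: {e}"]
    problems, azure, cert = [], cfg.get("azure", {}), cfg.get("certificate", {})
    for key in AZURE_KEYS:
        if not azure.get(key) or PLACEHOLDER.match(azure[key]):
            problems.append(f"azure.{key} is missing or still a placeholder")
    if not cert.get("domains"):
        problems.append("certificate.domains is empty")
    for d in cert.get("domains", []):
        if not HOSTNAME.fullmatch(d.lower()):
            problems.append(f"certificate.domains entry {d!r} is not a bare host name")
    if not cert.get("password"):
        problems.append("certificate.password is empty; the PFX holds the private key")
    return problems

def acme_version(directory_json):
    """Classify an ACME directory: 'v2' (RFC 8555), 'v1' (retired by Let's Encrypt) or 'unknown'."""
    d = json.loads(directory_json)
    if all(k in d for k in ("newNonce", "newAccount", "newOrder")):
        return "v2"
    return "v1" if any(k in d for k in ("new-reg", "new-authz", "new-cert")) else "unknown"

def fetch_directory(url="https://acme-v02.api.letsencrypt.org/directory"):
    """Fetch the directory with the server certificate verified against the OS trust store.
    ssl.SSLCertVerificationError here is the 'certificate verify failed' symptom from the issue."""
    with urllib.request.urlopen(url, context=ssl.create_default_context(), timeout=15) as r:
        return r.read().decode()

# Constructed sample: the README template with the trailing comma removed and values filled in.
SAMPLE_SETTINGS = """{"azure": {"clientId": "c1", "clientSecret": "s1", "tenantId": "t1",
  "webAppResourceId": "/subscriptions/x/resourceGroups/rg-web/providers/Microsoft.Web/sites/app",
  "resourceGroup": "rg-web"},
 "certificate": {"domains": ["mydomain.com", "www.mydomain.com"], "password": "MyP@ssword"}}"""

if __name__ == "__main__":
    print(check_settings(SAMPLE_SETTINGS) or "AppSettings.json looks fine")
    print("ACME directory version:", acme_version(fetch_directory()))
```

If fetch_directory raises ssl.SSLCertVerificationError while curl succeeds, the two programs are trusting different CA bundles, which is the first thing to compare.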
