natemcmaster/LettuceEncrypt

.NET 5 support

ZaldronGG opened this issue · 15 comments

While setting up LettuceEncrypt (DigitalOcean droplet, .NET 5 RC, ASP.NET Core app via docker) I noticed the following warning:

warn: LettuceEncrypt.Internal.AcmeCertificateLoader[0]
      LettuceEncrypt can only be used with Kestrel and is not supported on Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl servers. Skipping certificate provisioning.

There's a sanity check in https://github.com/natemcmaster/LettuceEncrypt/blob/main/src/LettuceEncrypt/Internal/AcmeCertificateLoader.cs that specifically checks the IServer instance is in fact a KestrelServer.

After checking Kestrel's repo it appears there is now a KestrelServer and a KestrelServerImpl, both implementing IServer (KestrelServer wraps/decorates KestrelServerImpl).

Is this an easy fix or an indication of further differences in dotnet 3.1 vs 5 when it comes to Kestrel? How does .NET 5 support fit into the roadmap? Am I just dumb and misinterpreting something?

Thanks for your hard work!

Yeah, type checks like that are kind-of brittle. I don't expect any functionality is actually broken, but 5.0 has had a lot of TLS improvements that this library might be able to take advantage of.

Actually adding 5.0 support shouldn't be hard, the biggest challenge is that it requires preview tooling and SDKs that aren't readily available on build agents.

As a short term mitigation this type check could be replaced by a string StartsWith check on the type name to make it compatible with both the 3.1 and 5.0 types without actually targeting 5.0. Want to give it a try?
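An added example, not LettuceEncrypt's own code, of why the type check rejects the 5.0 server and what the suggested name-prefix check does instead. The `Sample.Kestrel.Core` namespace and the three server classes are stand-ins so the sample compiles on its own; only the names `IServer`, `KestrelServer` and `KestrelServerImpl` come from the issue.

```csharp
using System;

// Stand-in types (assumption): mirror only the names discussed in the issue,
// declared in a made-up namespace so this sample has no package dependencies.
namespace Sample.Kestrel.Core
{
    public interface IServer { }
    public class KestrelServer : IServer { }      // the type the check expects
    public class KestrelServerImpl : IServer { }  // the type reported in the warning
    public class OtherServer : IServer { }        // any non-Kestrel server
}

namespace Sample
{
    using Sample.Kestrel.Core;

    public static class ServerCheck
    {
        // Brittle: true only for KestrelServer or a class derived from it.
        public static bool IsKestrelByType(IServer server) => server is KestrelServer;

        // Short-term mitigation from the thread: compare type-name prefixes.
        // Weaker than a type check: any type whose full name starts with the
        // same prefix is accepted.
        public static bool IsKestrelByName(IServer server)
        {
            string expected = typeof(KestrelServer).FullName ?? string.Empty;
            string actual = server.GetType().FullName ?? string.Empty;
            return actual.StartsWith(expected, StringComparison.Ordinal);
        }
    }

    public static class Program
    {
        public static void Main()
        {
            var servers = new IServer[] { new KestrelServer(), new KestrelServerImpl(), new OtherServer() };
            foreach (IServer s in servers)
            {
                Console.WriteLine($"{s.GetType().Name,-18} type-check={ServerCheck.IsKestrelByType(s),-5} name-check={ServerCheck.IsKestrelByName(s)}");
            }
        }
    }
}
```

Because a failed check only logs a warning and skips provisioning, the application keeps running without a certificate from this library, so the warning in the startup log is the only signal to watch for.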

Sure thing, I'll whip something up tonight

FWIW, I believe the UseDotNet@2 task can provision .net 5 RC if you use the right wildcard, I'll try it out.

Using

- task: UseDotNet@2
  inputs:
    packageType: 'sdk'
    useGlobalJson: true

and a global.json file in the repository root containing this

{
  "sdk": {
    "version": "5.0.100-preview.7.20366.6",
    "allowPrerelease": true,
    "rollForward": "major"
  }
}

does work for my Azure Pipelines builds.
I am pretty sure you can easily target the release candidate using 5.0.100-rc.1.20452.10 as version.

Although VS 2019 users might be pissed off because you need VS 2019 v16.8 Preview 2 or 3 to build anything higher than 5.0.100-preview.7. CLI and VS Code users should be fine.

Seems like this should be pretty simple to fix. We can add another target framework to this project for the .NET 5 specific changes. Marking as 'help wanted'. Please comment if you're interested in taking on this issue and would be willing to send a PR.

> 5.0 has had a lot of TLS improvements that this library might be able to take advantage of.

@Tratcher good to know. I haven't been paying attention. Can you share a link to related issues, blogs, docs?

Note .NET 5 will roll out on github CI agents starting Nov 16th. actions/runner-images#1891

Async SNI: dotnet/aspnetcore#25390

I've popped a quick PR up to implement the first suggestion here, but feel free to close if a more full featured solution would be preferred. I'm unfortunately unlikely to find time to properly look into fully supporting net5 any time soon (although anecdotally the site I needed this for is working fine with just that change).

Running on Linux .Net 5.0 I also get the following error: LettuceEncrypt can only be used with Kestrel and is not supported on Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl servers. Skipping certificate provisioning.

We are migrating some projects to .Net 5.0. This needs to be fixed ASAP. Please :-).

Thanks for the contribution @davidMuir to unblock the kestrel issue. I have put #159 into the 1.0.1 patch: https://github.com/natemcmaster/LettuceEncrypt/releases/tag/v1.0.1

I'm leaving this issue open as there are other changes to make to improve its support for .NET 5, such as using async SNI.

Thank you for your patience with this project. Work done on this project isn't commissioned, so things tend to get done when someone volunteers time to fix or implement something. I keep an eye on this project and will help shepherd releases for fixes, but I'm not actively developing this on my own. More contributions are welcome!

I'm using LettuceEncrypt 1.1.0-beta.73 on .NET 5 but I still get the same error:

LettuceEncrypt can only be used with Kestrel and is not supported on Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl servers. Skipping certificate provisioning.

Is there any kind of workaround?

Fydar commented

> I'm using LettuceEncrypt 1.1.0-beta.73 on .NET 5 but I still get the same error:
>
> LettuceEncrypt can only be used with Kestrel and is not supported on Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl servers. Skipping certificate provisioning.
>
> Is there any kind of workaround?

The beta "preview" package does not have support for .NET 5. The full release 1.0.1 does have support for .NET 5.

You can use the version of the package from origin/main which contains the features and API of version 1.1.0-beta.73 and .NET 5 support.

We need a new preview package to be built and deployed on NuGet.

Is there an ETA on this package, or is there something I can do to help on this issue?

This issue has been open since October and I tried the last 3 pre-releases and they all fail for me in .NET5. Also there is this open issue: #165 saying use pre-release because main version isn't working.

Sorry but I give up on this package...

> Thank you for your patience with this project. Work done on this project isn't commissioned, so things tend to get done when someone volunteers time to fix or implement something. I keep an eye on this project and will help shepherd releases for fixes, but I'm not actively developing this on my own. More contributions are welcome!

You are right it's great to see open source projects grow and thanks for all your non commissioned efforts. I was just very frustrated because I've tried several solutions to auto-extend letsencrypt certificates and nothing was working. I'm sure it could be just a minor thing and everything is rolling again here guys :)

For other people getting frustrated this is what I ended up doing, which is not ideal:
I ended up using a certbot script to renew the certificate and restart the server once a week in order for the certificate to be applied via crontab -e. I'd still prefer a C# solution without reboot but it's good enough for my current use case.