natemcmaster/LettuceEncrypt

Compatibility with HTTP/3

MarkCiliaVincenti opened this issue · 14 comments

Has this been tested with HTTP/3 yet please? I'm running into issues whereby the application shuts down if I try enabling HTTP/3.

No, it hasn't been tested. Please share more details about the error and how to reproduce the issue.

I tried but failed to debug the issue. I worked around it by creating https://github.com/MarkCiliaVincenti/LetsNotWorryHowToEncrypt

This is basically a Kestrel service that listens on port 80, uses LettuceEncrypt, exports the .pfx under the requested domain name and permanently redirects any HTTP traffic on port 80 to HTTPS.

Then in my actual Kestrel app I just give it the path of the created pfx files, and there I can use HTTP/3.

Interesting, we had this working in our HTTP/3 test setup, though I guess we didn't have an http/80 endpoint.
https://github.com/sebastienros/dotnet-http3/blob/2db113755ad2adf1ebcf151721a18805e9539c67/Program.cs#L17-L22

Thanks for the description. https://github.com/MarkCiliaVincenti/LetsNotWorryHowToEncrypt returns HTTP 404 for me so I don't have a repro yet. @Tratcher's comment makes me think that LettuceEncrypt should be working, but I'll leave this open in case anyone can provide a minimal repro of the problem.

> Interesting, we had this working in our HTTP/3 test setup, though I guess we didn't have an http/80 endpoint. https://github.com/sebastienros/dotnet-http3/blob/2db113755ad2adf1ebcf151721a18805e9539c67/Program.cs#L17-L22

Are you sure this works? I tried it (without using Docker, admittedly) on Ubuntu 20.04 (with libmsquic installed of course) and got the following:

info: LettuceEncrypt.Internal.AcmeClient[0]
      Using certificate authority https://acme-v02.api.letsencrypt.org/directory
Unhandled exception. System.NotSupportedException: The OnAuthenticate callback is not supported with HTTP/3.
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.CreateHttp3Options(HttpsConnectionAdapterOptions httpsOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.TransportManager.BindAsync(EndPoint endPoint, MultiplexedConnectionDelegate multiplexedConnectionDelegate, ListenOptions listenOptions, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass30_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.EndpointsStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
   at Microsoft.AspNetCore.Builder.WebApplication.Run(String url)
   at Program.<Main>$(String[] args) in C:\Users\user\Source\Repos\dotnet-http3\Program.cs:line 31

And that's besides the other problem that it doesn't send the full chain, as per #229.

Same issue. .NET 7, latest version of everything.

Any updates?

I am also experiencing this issue, with the same error message of "The OnAuthenticate callback is not supported with HTTP/3".

The error message suggests that LettuceEncrypt will need to be reworked somewhat to avoid using that callback if it is to support HTTP/3.

The source code throwing the exception can be viewed here: https://source.dot.net/#Microsoft.AspNetCore.Server.Kestrel.Core/Middleware/HttpsConnectionMiddleware.cs,507

Dotnet 7, libmsquic 2.1.7, Ubuntu Server 22.04.1 (arm64).

I hope this issue gets addressed, since I do not want to change to certbot again, but this is keeping me from using HTTP3 for quite some time now.
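The workaround described earlier in the thread (a separate LettuceEncrypt process on port 80 that exports a .pfx, and the real app loading that file) can be wired up like this. This is an added example, not code from LettuceEncrypt, Tlscertificateloader or any commenter; it assumes the .pfx path and password come from environment variables (names invented here) and that, of the `HttpsConnectionAdapterOptions` callbacks, only `OnAuthenticate` (the one named in the trace) is rejected on the HTTP/3 path, so a `ServerCertificateSelector` is used instead and the file is re-read when it changes.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Core;

// Assumed locations: the sidecar writes <domain>.pfx here; password via env var.
var pfxPath = Environment.GetEnvironmentVariable("CERT_PFX_PATH") ?? "/certs/example.com.pfx";
var pfxPassword = Environment.GetEnvironmentVariable("CERT_PFX_PASSWORD") ?? "";
var certs = new PfxReloader(pfxPath, pfxPassword);

var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(kestrel =>
{
    kestrel.ListenAnyIP(443, listen =>
    {
        // HTTP/3 (QUIC) needs libmsquic on Linux, as noted in the thread.
        listen.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
        // A selector instead of OnAuthenticate: OnAuthenticate is the callback
        // Kestrel's HTTP/3 path rejects with NotSupportedException.
        listen.UseHttps(https => https.ServerCertificateSelector = (_, _) => certs.Current());
    });
});

var app = builder.Build();
app.MapGet("/", (HttpContext ctx) => $"Served over {ctx.Request.Protocol}");
app.Run();

// Loads the .pfx once and re-reads it when the file's write time changes, so a
// renewed certificate dropped in by the LettuceEncrypt sidecar is picked up
// without restarting this process.
sealed class PfxReloader
{
    private readonly string _path, _password;
    private readonly object _lock = new();
    private X509Certificate2? _cert;
    private DateTime _loadedAt;

    public PfxReloader(string path, string password) => (_path, _password) = (path, password);
    public X509Certificate2 Current()
    {
        var writeTime = File.GetLastWriteTimeUtc(_path);
        lock (_lock)
        {
            if (_cert is null || writeTime != _loadedAt)
            {
                _cert = new X509Certificate2(_path, _password);  // throws if the file is unreadable
                _loadedAt = writeTime;
            }
            return _cert;
        }
    }
}
```

Check which protocol actually served a request by comparing the response body over HTTP/2 and HTTP/3 clients; the full-chain problem from #229 is not addressed here, so verify the exported .pfx contains the intermediates before relying on it.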

> I hope this issue gets addressed, since I do not want to change to certbot again, but this is keeping me from using HTTP3 for quite some time now.

Have you tried using https://github.com/MarkCiliaVincenti/Tlscertificateloader ?

Without digging in too deep: Is it possible to combine both, so I must never even once use certbot?

> Without digging in too deep: Is it possible to combine both, so I must never even once use certbot?

No, this library will not do renewals for you. But there are other .NET libraries that just do the renewals for you. I created this project for personal use but made it public so that others could use it. Personally I used certbot, set it up once and forgot about it.