oocx / acme.net Goto Github PK

using key base path ./src/Oocx.ACME.CLRConsole/bin/Debug
./src/Oocx.ACME.CLRConsole/bin/Debug/acme-key.xml
writing new key to file ./src/Oocx.ACME.CLRConsole/bin/Debug/acme-key.xml
using server https://acme-staging.api.letsencrypt.org/
Querying directory information from https://acme-staging.api.letsencrypt.org/

Unhandled Exception:
System.TypeLoadException: Could not resolve type with token 01000049

Command

Output Log:

using server https://acme-v01.api.letsencrypt.org/
trying to create new registration
error:
**urn:acme:error:malformed**
Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]

In file class CsrTests

line 62 is:
sut.Save(key.ExportParameters(true), "test.startliste.info", KeyExport.Format.PEM);

but should be:
sut.Save(key.ExportParameters(true), "test.startliste.info", KeyFormat.PEM);

Trying to run the cleint and I get:

Unhandled Exception: System.MissingMethodException: Method not found: '!!0[] Sys
tem.Array.Empty()'.
at Oocx.ACME.Console.ContainerConfiguration.Configure(Options options)
at Oocx.ACME.Console.Program.Execute(Options options) in C:\projects\acme-net
\src\Oocx.ACME.Console\Program.cs:line 32
at CommandLine.ParserResultExtensions.WithParsed[T](ParserResult1 result, Ac tion1 action)
at Oocx.ACME.Console.Program.Main(String[] args) in C:\projects\acme-net\src
Oocx.ACME.Console\Program.cs:line 20
at Oocx.ACME.CLRConsole.Program.Main(String[] args)

From a quick search it's a .NET 4.6/4.5 issue

The parameter IEnumerable Domains could not be parsed.

Type conversion error :-(

Don't know why but it hangs on first Directory response and this fix makes it work:

 src/Oocx.ACME/Client/AcmeClient.cs | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/src/Oocx.ACME/Client/AcmeClient.cs b/src/Oocx.ACME/Client/AcmeClient.cs 
 index 76fb7c9..832909e 100644
--- a/src/Oocx.ACME/Client/AcmeClient.cs
+++ b/src/Oocx.ACME/Client/AcmeClient.cs
@@ -213,7 +213,8 @@ namespace Oocx.ACME.Client
                 return certificateResponse as TResult;
             }

-            var responseContent = await response.Content.ReadAsAsync<TResult>();
+            var responseJson = await response.Content.ReadAsStringAsync();
+            var responseContent = JsonConvert.DeserializeObject<TResult>(responseJson);

             GetHeaderValues(response, responseContent);

I'm looking for a simple way to create let's encrypt certificates on Windows. Where can I find acme.exe which is mentioned in the documentation?

This worked great for me, too easy. I did have to do an optional update to install .net 4.6.

Is this going to auto renew on its own?

Notes:
I did this on an AWS EC2 T2 micro running windows 2012 R2.

I copied the acme.exe from the Releases link into a folder called LetsEncrypt on my C drive, then opened a command prompt there (Shift + Right Click - Open Command Window here) and then did as instructed: acme.exe -a mywebsite.com -m mailto:[email protected]

During the process, it asks for a password, it was not clear what this was to me - I was thinking it was being mailed to me so I checked my email. Eventually I figured maybe it was asking me to enter a password, so I made one up and it accepted it.

I'm still unclear what the purpose of the email is, I still have not received one, but the site is available over ssl with no errors that I can see.

I am try install in IIS8.5. why show wrong ? How I do it?

using server https://acme-v01.api.letsencrypt.org/
trying to create new registration
error:
urn:acme:error:malformed
Error creating new registration :: Validation of contact mailto:[email protected] f
ailed: Server failure at resolver

Hello
Was working for us for a long while
After the last windows update we get this:

could not create pfx file: System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
at Oocx.Asn1PKCS.PKCS12.Pkcs12.CreatePfxFile(RSAParameters key, String pathToCertificate, String password, String pathToPfx) in C:\projects\acme-net\src\Oocx.Asn1PKCS\PKCS12\Pkcs12.cs:line 16
at Oocx.ACME.Console.AcmeProcess.SaveCertificateWithPrivateKey(String domain, RSAParameters key, String certificatePath) in C:\projects\acme-net\src\Oocx.ACME.Console\AcmeProcess.cs:line 93

Ideas?

Are there plans to update the library to target the new csproj format / NETSTANDARD 2.0?

Am up for doing the port if this is a contribution that the project will accept.

• Jason

Is it somehow possible to encode alternative domain names, like to have identical certificate for:
www.example.com and example.com?

Very nice project. I will be looking at using it in a small server project, and it looks like I could just provide my own IChallengeProvider to make it work.

If anyone has hints or has done this, let me know (via here presumably). If I proceed and succeed, I will post any suitable additions.

Isn't it nice to get security software with malware combined?

Hi can someone rebuild the project with the new terms and conditions and submit it as a release.

Thank you

Error occurs during registration. Out of terms of service link.

error:
urn:acme:error:malformed
Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]

Thoughts on merging Oocx.Asn1PKCS & Oocx.Common into Oocx.Acme?

This would let us internalize the internalize the key & certificate encoding/decoding API surface and give us a clean path to replace with corefx implementations when they land.

Security crypto - Roadmap: https://github.com/dotnet/designs/issues/11

Hi,

To use the certificate with the IIS6 Smtp server, one has to install the certificate in the local machine, personal store.
Is this something that one can easily add to the application, or would it require significant changes?