Using Let's Encrypt on custom web server implementation


#1

Hey Folks,
I’m new to the web world and I’m a software developer slowly building some dev-ops and IT skills. I have been working on a project where I am writing a minimalist web server in .net and targeting mono. I would like to get it working with https. The .net documentation says that SSL certs and https “just work” if you have an ssl certificate installed on your server (ubuntu 14.04 for me), but certbot seems to be dependent on what web server program is being used.
I don’t know how to proceed and I don’t really know what questions to ask, any help would be appreciated.

Thanks!

(Edit for clarification, this is in c# but it is not ASP.NET or dotnet core.)


#2

Two immediate directions occur to me that might help you decide on some questions :grinning:

Do you want your server to sort out Let’s Encrypt certificates all by itself? Or are you interested firstly just in getting it to do trustworthy HTTPS?

For the latter, you need to find documents about how to write a TLS server with the libraries or frameworks you have. Often in high level languages you can let a library do most of this work with you just providing the personalisation. Specifically that’s going to mean a private key and either one certificate plus a separate chain of intermediates or all the certificates at once. Certbot can make those things.

If you find these libraries you’re willing to use don’t do this much for you then you’re going to need a lot more specialist knowledge beyond what we can realistically cover here.


#3

Are you asking about obtaining the cert, or using it? For using it, see @tialaramex’s answer. For obtaining it, though, certbot is pretty much server-neutral, but you’ll need to deal with configuring your server yourself. Use the webroot plugin for certbot (certbot webroot …). For this to work, your web server will need to serve a text file at a specified location when requested.

Another option would be to stop your web server when it’s time to issue the cert, and use standalone mode (certbot standalone …). Certbot itself will then act as the web server for the purpose of obtaining your cert.

Alternatively, look at one of the bash or go clients that use DNS authentication, and it won’t need to interact with your web server to issue the cert at all.
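
Added example (not written by any poster in this thread): a minimal C# responder for the webroot approach described in the reply above, serving only the challenge files certbot writes under `.well-known/acme-challenge/`. `HttpListener` stands in for the custom server, and the `WebRoot` path and class name are assumptions; the token check keeps the handler from being used to read other files.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;

// Added example: serves the files certbot's webroot plugin places in
// <WebRoot>/.well-known/acme-challenge/. Names and paths here are assumptions.
static class AcmeChallengeResponder
{
    const string Prefix = "/.well-known/acme-challenge/";
    const string WebRoot = "/var/www/myserver"; // assumed; give certbot the same directory

    // ACME tokens use only the base64url alphabet, so anything containing
    // '/', '.', '%' or a newline is rejected before the filesystem is touched.
    static readonly Regex Token = new Regex(@"\A[A-Za-z0-9_-]{1,256}\z");

    // Returns the challenge file path, or null when the request is not a valid challenge.
    public static string Resolve(string urlPath)
    {
        if (urlPath == null || !urlPath.StartsWith(Prefix, StringComparison.Ordinal))
            return null;
        string token = urlPath.Substring(Prefix.Length);
        if (!Token.IsMatch(token))
            return null;
        string file = Path.Combine(WebRoot, ".well-known", "acme-challenge", token);
        return File.Exists(file) ? file : null;
    }

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add("http://*:80/"); // HTTP validation arrives on port 80
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            string file = ctx.Request.HttpMethod == "GET"
                ? Resolve(ctx.Request.Url.AbsolutePath) : null;
            if (file == null)
            {
                ctx.Response.StatusCode = 404;
            }
            else
            {
                byte[] body = File.ReadAllBytes(file);
                ctx.Response.ContentType = "text/plain";
                ctx.Response.ContentLength64 = body.Length;
                ctx.Response.OutputStream.Write(body, 0, body.Length);
            }
            ctx.Response.Close();
        }
    }
}
```

Binding port 80 normally requires elevated privileges on Linux; in a real server the same `Resolve` check would sit in the existing request router rather than in its own listener.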

