I recently launched a Blazor Server application on a Debian 11 server. The application is running through a Linux Docker container. I have used a DNS to connect my domain name to my server, and am trying to get an SSL certificate applied to my domain for my Blazor app.
By following Certbot guides, I have done the following on my Debian 11 server where my Blazor container is hosted to port 80:
apt-get install cerbot
certbot certonly --standalone
And I got the following message:
Congratulations!
Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem
My site is still not using https. I cannot find any other instructions to apply the SSL from this point. Do I need to add code to my Blazor Server app to point to the SSL files? Do I need to mount the SSL files to somewhere in my Docker container? Thanks.
Update: I have been running my Docker container with the following command. I've tested the mounting of my keys folder and can see it is correct, but I still have issues when launching the container. It appears to be unable to find the keys even though they are mounted to the container correctly:
docker run -p 80:80 -p 443:443 -v /etc/letsencrypt/live/example.com:/https/ -e ASPNETCORE_URLS="https:// ;http:// " -e ASPNETCORE_HTTPS_PORT=443 -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/fullchain.pem -e ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/https/privkey.pem --restart always --name blazorserver blazorserver:1.01
I get these terminal errors, resulting in Program.cs failing to run app.Run();
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {c9ce4f00-c893-456c-b894-6421bf21ffd8} may be persisted to storage in unencrypted form.
Unhandled exception. System.IO.FileNotFoundException: Could not find file '/https/fullchain.pem'.
File name: '/https/fullchain.pem'
at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirError)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode, Func`4 createOpenException)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, UnixFileMode openPermissions, Int64& fileLength, UnixFileMode& filePermissions, Func`4 createOpenException)
at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
at System.IO.StreamReader.ValidateArgsAndOpenPath(String path, Encoding encoding, Int32 bufferSize)
at System.IO.File.ReadAllText(String path, Encoding encoding)
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.ImportFromPemFile(String certPemFilePath)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at Program.<Main>$(String[] args) in /src/Program.cs:line 36
CodePudding user response:
So, the issue was that the /etc/letsencrypt/live/example.com/fullchain.pem file needs access to other files in the /etc/letsencrypt hierarchy. After mounting the entire /etc/letsencrypt directory to /https, I was able to access the SSL files with the full path, e.g. /https/live/example.com/fullchain.pem for the __Path variable.
Hopefully somebody finds my troubleshooting useful, as I could not find much information out there for Let's Encrypt SSL setup for Kestrel and/or Blazor.