Skip to content
/ anvil Public
forked from webprofusion/anvil

A client implementation for the Automated Certificate Management Environment (ACME) protocol

certifytheweb.com

License

MIT license
0 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

anyways-open/anvil

1 Branch0 Tags
This branch is 5 commits ahead of, 24 commits behind webprofusion/anvil:main.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

xivkxivk
Another attempt at building the package.
Apr 23, 2024
863398a · Apr 23, 2024

History

825 Commits
.github/workflows
.github/workflows
Apr 23, 2024
.idea/.idea.Certify.ACME.Anvil/.idea
.idea/.idea.Certify.ACME.Anvil/.idea
Apr 23, 2024
docs
docs
May 29, 2023
misc
misc
Mar 29, 2023
src
src
Apr 23, 2024
test
test
Apr 23, 2024
.editorconfig
.editorconfig
Mar 29, 2023
.gitattributes
.gitattributes
Jun 28, 2016
.gitignore
.gitignore
Jun 21, 2018
Certify.ACME.Anvil.sln
Certify.ACME.Anvil.sln
Mar 29, 2023
LICENSE
LICENSE
Mar 29, 2023
README.md
README.md
Jun 9, 2023

Repository files navigation

Anvil

The project is a fork of https://github.com/fszlin/certes with packaging updates, feature updates and experimental extensions.

This library is an ACME client implementation primarily used by https://certifytheweb.com and is subject to changes required by that application.

Extended Features:

  • ACME ARI (renewal info)
  • Certificate chain build does not require installed/embedded root cert
  • Optional use of modern PFX cert/key algorithms for OpenSSL 3.x+ compatibility
  • Authority token challenges, tkauth-01 and TnAuthList

Account

Creating new ACME account:

var acme = new AcmeContext(WellKnownServers.LetsEncryptStagingV2);
var account = await acme.NewAccount("admin@example.com", true);

// Save the account key for later use
var pemKey = acme.AccountKey.ToPem();

Use an existing ACME account:

// Load the saved account key
var accountKey = KeyFactory.FromPem(pemKey);
var acme = new AcmeContext(WellKnownServers.LetsEncryptStagingV2, accountKey);
var account = await acme.Account();

See API doc for additional operations.

Order

Place a wildcard certificate order (DNS validation is required for wildcard certificates)

var order = await acme.NewOrder(new[] { "*.your.domain.name" });

Generate the value for DNS TXT record

var authz = (await order.Authorizations()).First();
var dnsChallenge = await authz.Dns();
var dnsTxt = acme.AccountKey.DnsTxt(dnsChallenge.Token);

Add a DNS TXT record to _acme-challenge.your.domain.name with dnsTxt value.

For non-wildcard certificate, HTTP challenge is also available

var order = await acme.NewOrder(new[] { "your.domain.name" });

Authorization

Get the token and key authorization string

var authz = (await order.Authorizations()).First();
var httpChallenge = await authz.Http();
var keyAuthz = httpChallenge.KeyAuthz;

Save the key authorization string in a text file, and upload it to http://your.domain.name/.well-known/acme-challenge/<token>

Validate

Ask the ACME server to validate our domain ownership

await challenge.Validate();

Certificate

Download the certificate once validation is done

var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
var cert = await order.Generate(new CsrInfo
{
    CommonName = "your.domain.name",
}, privateKey);

Export full chain certification

var certPem = cert.ToPem();

Export PFX

var pfxBuilder = cert.ToPfx(privateKey);
var pfx = pfxBuilder.Build("my-cert", "abcd1234");

About

A client implementation for the Automated Certificate Management Environment (ACME) protocol

certifytheweb.com

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages 1

Languages

  • C# 98.9%
  • Go 1.1%