aspnetcore/fundamentals/servers/yarp/lets-encrypt.md
[!NOTE] The
LettuceEncryptNuGet package described in this article is archived and no longer supported, so the package isn't recommended for use.
YARP can support the certificate authority Lets Encrypt by using the API of another ASP.NET Core project, LettuceEncrypt. It allows you to set up TLS between the client and YARP with minimal configuration.
Add the LettuceEncrypt package dependency:
<PackageReference Include="LettuceEncrypt" Version="1.1.2" />
There are required options for LettuceEncrypt that should be set. See the example of appsettings.json:
{
"Urls": "http://*:80;https://*:443",
"Logging": { ... },
"ReverseProxy": {
"Routes": { ... },
"Clusters": { ... }
},
"LettuceEncrypt": {
// Set this to automatically accept the terms of service of your certificate
// authority.
// If you don't set this in config, you will need to press "y" whenever the
// application starts
"AcceptTermsOfService": true,
// You must specify at least one domain name
"DomainNames": [ "example.com" ],
// You must specify an email address to register with the certificate authority
"EmailAddress": "[email protected]"
}
}
services.AddLettuceEncrypt();
For more options (for example, saving certificates) see the examples in the LettuceEncrypt project README.
If your project is explicitly using Kestrel options to configure IP addresses, ports, or HTTPS settings, call UseLettuceEncrypt:
Example:
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(kestrel =>
{
kestrel.ListenAnyIP(443, portOptions =>
{
portOptions.UseHttps(h =>
{
h.UseLettuceEncrypt(kestrel.ApplicationServices);
});
});
});