Kenc.dk

Introducing Kenc.ACMELib (Let's Encrypt client in .net)


About a year ago I started using Let's Encrypt for my certificate needs for a variety of websites and online services I run, but being mostly Windows based, I lacked a great automation solution.

In the beginning I tried various solutions, including solutions for automatic certificate renewal for Azure Web Apps; however, they didn't really work as well as I wanted, so I ended up with a few PowerShell scripts to do the certificate requests and handled the token response manually - a far from ideal solution.

While this was ongoing, I was looking for a .net library for the ACME protocol, but didn't find any implementations that supported .net core or had the options I wanted, so around April I started implementing my own.

Beginning the project, I had a few simple rules:

  1. Open Source

  2. Fully unit-testable

  3. Running on Windows & Linux

  4. Implementing the V2 protocol

Hitting a few blockers on the way

Implementation of the base client was pretty simple and within a day I had a working prototype that could communicate with an ACME v2 implementation following the version of the draft protocol available at the time.

While implementing all the functionality of the protocol, however, I hit a few issues. First and foremost, I was implementing a draft version of the v2 protocol, a protocol still evolving, and without many endpoints implementing the server side of the protocol, testing was limited to the ongoing implementation of Boulder.

Suddenly one day, my prototype simply stopped working as the Let's Encrypt endpoint was rejecting my calls; after researching it for a while, I found a PR on the Boulder repository that explained the situation.

Combined with the default behavior of .net HTTP Web Request, all calls would be rejected.

Open sourcing

Previously, all development happened on my VSTS instance where I keep most of my code; however, after finding some time during the weekend to clean up the code, I have finally pushed it to GitHub Kencdk/Kenc.ACMELib along with a nuget package on nuget.org.

The repository includes the client source and a sample program that can handle creation of users on Let's Encrypt v2 endpoints, validating hostname ownership and requesting certificates.

The nuget package contains the built assembly for .net core 2.0 and .net 4.7.2.

The project is open sourced under the MIT license.

Please contribute

Found a bug? Let me know about it on GitHub issues or on Twitter, or submit a PR on the GitHub repo!