procedure ACMEStart;
var
  F: TFileName;
  ES: TAcmeLetsEncryptServer;
  I: integer;
  Status: TAcmeStatus;
  Cert, PrivateKey: RawUtf8;
begin
  RegisterOpenSsl;
  F := IncludeTrailingPathDelimiter(GetCurrentDir) + 'sslFolder';
  ES := TAcmeLetsEncryptServer.Create(TSynLog, F,
    ACME_LETSENCRYPT_DEBUG_URL,
    'x509-es256', 'jf93v83');
  try
    ES.LoadFromKeyStoreFolder;
    for I := Low(ES.Client) to High(ES.Client) do
      with ES.Client[I] do
      begin
        RegisterAndWaitFolder(F, F, F, 'jf93v83', 3);
        repeat
          Status := CheckChallengesStatus;
          Sleep(1000);
        until Status <> asPending;
        if Status = asValid then
        begin
          Status := ES.Client[I].CompleteDomainRegistration(Cert, PrivateKey, 'jf93v83');
        end;
      end;
    ES.CheckCertificatesBackground;
    ES.Redirect('xxx.com', 'https://xxx.com');
    ES.Redirect('www.xxx.com', 'https://www.xxx.com');
  finally
    ES.Free;
  end;
end;
Below is the JSON file, to be used by the LoadFromKeyStoreFolder method.
{
  "contact": "mailto:admin@xxx.com",
  "subjects": [
    "xxx.com",
    "www.com"
  ]
}
1. Since I don't have a domain name or a public IP, I cannot perform testing. I'm not sure if what I wrote is correct. Is there anything else I should pay attention to?
2. How does ACME integrate with TMvcApplication? Should I directly call RegisterAndWaitFolder to save the certificate files, or how should it be handled?
HttpServer := TRestHttpServer.Create([RestServerDB], '443', 32, secTLS, HTTPSERVER_DEFAULT_OPTIONS,
  'C:\Users\FBI\Desktop\BOOK\1\ssl\mycert.pfx',
  'C:\Users\FBI\Desktop\BOOK\1\ssl\privkey.pem',
  '|&VwVx;2S',
  'C:\Users\FBI\Desktop\BOOK\1\ssl\cert.pem'
);
FRestHttpServer.DomainHostRedirect('xxx.com', 'root');
FRestHttpServer.RootRedirectToURI('xxx.com', 'blog/default', true, true);
Last edited by testgary (2025-06-06 09:53:52)
Sorry, I forgot to check before sending the content.
I created a pull request to fix a minor ACME client bug:
https://github.com/synopse/mORMot2/pull/367
MVC Blog example with HTTPS and Let's Encrypt certificate:
https://gist.github.com/achechulin/f423 … f5ed261b89
Check it out in real life:
https://mvc-blog.fun/
I created pull request to fix minor ACME client bug:
https://github.com/synopse/mORMot2/pull/367
First of all, thank you very much for sharing.
I have reviewed your code and noticed that you associate TMvcApplication and ACME through reading and writing local certificate files, rather than linking them directly in the code. Could this cause any issues, such as file access conflicts?
Also, it seems you did not use the RegisterAndWaitFolder CompleteDomainRegistration method. Have you tested your code to ensure it runs completely without any problems?
There is a low-level TAcmeClient class that implements the ACME V2 client, and high-level TAcmeLetsEncrypt/TAcmeLetsEncryptClient/TAcmeLetsEncryptServer classes that implement Let's Encrypt domain certificate management.
Also, it seems you did not use the RegisterAndWaitFolder CompleteDomainRegistration method.
TAcmeLetsEncrypt.CheckCertificates checks certificate expiration and renews if needed.
I have reviewed your code and noticed that you associate TMvcApplication and ACME through reading and writing local certificate files, rather than linking them directly in the code. Could this cause any issues, such as file access conflicts?
In TAcmeLetsEncrypt.LoadFromKeyStoreFolder we set the callback mormot.net.sock.OnNetTlsAcceptServerName to point to the TAcmeLetsEncrypt implementation, which returns the certificate matching the requested server name, and after a certificate is renewed it is reread from file.
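The mechanism described in the last reply (a server-name callback that returns the certificate matching the requested name and rereads it from file after renewal), shown with Python's ssl module as an added example; it is not mORMot code and not code from anyone in this thread. The class and function names and the `<name>.crt.pem` / `<name>.key.pem` file layout are assumptions made for the illustration.

```python
import os
import ssl
import tempfile

class SniCertStore:
    """Pick a TLS context per SNI name; reload it when the PEM file changes."""
    def __init__(self, folder, loader=None):
        self.folder = folder                    # assumed: <name>.crt.pem / <name>.key.pem
        self.loader = loader or self._load_pem  # injectable so the logic can be tested
        self._cache = {}                        # name -> (mtime_ns, context)

    @staticmethod
    def _load_pem(cert_path, key_path):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(cert_path, key_path)
        return ctx

    def context_for(self, server_name):
        # The SNI value is client-controlled: refuse anything path-like.
        name = (server_name or "").lower().rstrip(".")
        if not name or name != os.path.basename(name) or name.startswith("."):
            return None
        cert = os.path.join(self.folder, name + ".crt.pem")
        key = os.path.join(self.folder, name + ".key.pem")
        try:
            stamp = os.stat(cert).st_mtime_ns
        except FileNotFoundError:
            return None
        cached = self._cache.get(name)
        if cached and cached[0] == stamp:
            return cached[1]                    # file unchanged: reuse the context
        try:
            ctx = self.loader(cert, key)
        except OSError:                         # ssl.SSLError is an OSError subclass
            return cached[1] if cached else None  # unreadable file: keep the old cert
        self._cache[name] = (stamp, ctx)
        return ctx

    def sni_callback(self, sock, server_name, _default_ctx):
        ctx = self.context_for(server_name)
        if ctx is not None:
            sock.context = ctx   # switch this handshake to the matching cert
        return None              # None lets the handshake continue

def write_atomically(path, data):
    """Renewal side: write a temp file, then rename it over the old one."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.replace(tmp, path)        # readers see the old or the new file, never half
```

Install it with `default_ctx.sni_callback = store.sni_callback` on the listener's `SSLContext`; names without a file in the folder fall back to that default context.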