Now that "LetsEncryptRenewalService.Certificate" is internal, how do you get the cert for ServerCertificateSelector?

[zigszigsdk]

I have the following code running an older version of what was then called LetsEncrypt:

        private static void ConfigureWebHostForHttpAndHttps(IWebHostBuilder webHostBuilder, StandardConfiguration standardConfiguration)
        {
            webHostBuilder.UseUrls($"http://0.0.0.0:{standardConfiguration.Http.HttpPort}", $"https://0.0.0.0:{standardConfiguration.Http.HttpsPort}");
            webHostBuilder.UseKestrel(kestrelOptions =>
                kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
                {
                    httpsOptions.ServerCertificateSelector = SslCertificateSelector;
                    httpsOptions.SslProtocols = sslProtocols;
                    httpsOptions.OnAuthenticate = SslOptionConfigurer;
                }));
        }

        private static X509Certificate2 SslCertificateSelector(ConnectionContext c, string s) => 
            LetsEncryptRenewalService.Certificate;

I want to update to a newer version of EncryptWeMust, however the above Certificate on LetsEncryptRenewalService was marked as internal in this commit.

How do I fetch the certificate now?

Edit: I suppose I could be naughty and get it with reflection, but I'd rather do it the right way.

[ffMathy]

You simply shouldn't have to. That step is no longer required.

[zigszigsdk]

Does this mean that if I still call ConfigureHttpsDefaults but without setting a ServerCertificateSelector, it would still work? In other words, the call to ConfigureHttpsDefaults for other reasons will not collide with providing the cert?

        private static void ConfigureWebHostForHttpAndHttps(IWebHostBuilder webHostBuilder, StandardConfiguration standardConfiguration)
        {
            webHostBuilder.UseUrls($"http://0.0.0.0:{standardConfiguration.Http.HttpPort}", $"https://0.0.0.0:{standardConfiguration.Http.HttpsPort}");
            webHostBuilder.UseKestrel(kestrelOptions =>
                kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
                {
                    httpsOptions.SslProtocols = sslProtocols;
                    httpsOptions.OnAuthenticate = SslOptionConfigurer;
                }));
        }

[ffMathy]

Yes, fairly certain about that 👍 let me know how it goes.

[Viir]

This document from Microsoft seems related: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0

https://github.com/dotnet/AspNetCore.Docs/blob/c73d571a0a892aaa2723bfcb118348abfa22024d/aspnetcore/fundamentals/servers/kestrel/endpoints.md?plain=1#L395

It also says:

Calling ConfigureHttpsDefaults multiple times replaces prior Action instances with the last Action specified.