2

I am trying to run a DotNet Core https server on a Linux container. When I tried running on http, there were no issues.

However, when I try to run using https, I get the following exception:

    crit: Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to start Kestrel.
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
   at Chat.Program.Main(String[] args) in C:\Users\localadmin\source\repos\websocket-manager\samples\chat\Program.cs:line 14
Aborted (core dumped)

Now I know some of you managed to solve this using the commands in Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found, but my container doesn't have dotnet cli installed (that's because I'm not alowed to install it), my application being published as Self-Conatined for linux.

I wanted to ask you if there's a way to solve this issue, without having to install dotnet on the container? Thanks!

Mihnea Cristian Marin
  • 135
  • 2
  • 11
  • Is openssl installed in your container ? If so, check this : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl to generate a certificate, as for how to specify it as the server certfiicate to use I don't know... yet – Irwene Nov 23 '21 at 10:57
  • And this answer : https://stackoverflow.com/a/60038546/2245256 shares how to specify a server certificate (for an application running in a container) – Irwene Nov 23 '21 at 11:01
  • 1
    Here's how I created a certificate with the SDK tools and copied it to the final image: https://stackoverflow.com/questions/69282468/using-dotnet-dev-certs-with-aspnet-docker-image – Hans Kilian Nov 23 '21 at 11:59
  • Yep...apparently I can copy a certificate from a container with dotnet cli and everything will works. Thanks a lot! – Mihnea Cristian Marin Nov 23 '21 at 12:54

3 Answers3

2

I think you should run the

dotnet dev-certs https

Or remove HTTPS support Configure function in remove code

app.UseHttpsRedirection();
wangyou
  • 35
  • 4
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 23 '21 at 10:44
  • 1
    I'm pretty sure your first suggestion cannot be applied by OP, he explicitely specified that he has no access to the dotnet cli in the environment he's trying to setup and has no possibility of installing it. The second one could use some more details on why and in which cases it would be acceptable to do so. – Irwene Nov 23 '21 at 11:05
0

You use docker image mcr.microsoft.com/dotnet/aspnet:5.0

FROM mcr.microsoft.com/dotnet/aspnet:5.0
COPY . /app
WORKDIR /app
EXPOSE 80
EXPOSE 443
ENTRYPOINT ["dotnet", "dev_ops.dll"]
wangyou
  • 35
  • 4
0

From MS docs: Hosting ASP.NET Core images with Docker over HTTPS - macOS or Linux

dotnet dev-certs https --trust is only supported on macOS and Windows. You need to trust certs on Linux in the way that is supported by your distribution. It is likely that you need to trust the certificate in your browser.

Adding trusted root certificates to the server

Linux (Ubuntu, Debian)

  1. Copy your CA to dir /usr/local/share/ca-certificates/ U
  2. Use command: sudo cp foo.crt/usr/local/share/ca-certificates/foo.crt
  3. Update the CA store: sudo update-ca-certificates

Then,

docker pull mcr.microsoft.com/dotnet/samples:aspnetapp

docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="password" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:/https/ mcr.microsoft.com/dotnet/samples:aspnetapp

There is also example for docker-compose Hosting ASP.NET Core images with Docker Compose over HTTPS - macOS or Linux

avukalov
  • 3
  • 3