TlsCertificateLoader
A .NET library for loading of TLS/SSL (HTTPS) certificates for .NET 6.0+ Kestrel web applications, allowing for refreshing of certificates as well as compatibility with HTTP/3.
Fully compatible with certificates obtained by Certbot (see sample project without middleware or see sample project using middleware).
Installation
The recommended means is to use NuGet, but you could also download the source code from here.
Usage without middleware
// Load the default certificate chain and private key from their PEM files.
TlsCertificateLoader.TlsCertificateLoader tlsCertificateLoader = new(fullChainPemFilePath, privateKeyPemFilePath);
// 443 is the standard HTTPS port.
options.ListenAnyIP(443, o =>
{
    o.SetTlsHandshakeCallbackOptions(tlsCertificateLoader);
    o.SetHttpsConnectionAdapterOptions(tlsCertificateLoader);
    o.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});
And to refresh (e.g. either on a Timer or by watching a directory via PhysicalFileProvider):
tlsCertificateLoader.RefreshDefaultCertificates();
You may also add an additional certificate collection for other hostnames (for example, if you want to set up mydomain.tld as your default certificate and www.mydomain.tld as your alternate one):
tlsCertificateLoader.AddAdditionalCertificates("www.mydomain.tld", fullChainWwwPemFilePath, privateKeyWwwPemFilePath);
And to refresh additional certificate collections (e.g. either on a Timer or by watching a directory via PhysicalFileProvider):
tlsCertificateLoader.RefreshAdditionalCertificates("www.mydomain.tld");
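One way to drive the refresh calls above from a PhysicalFileProvider watch, as an added example that is not part of the library or its samples. The class name `CertificateRefreshWatcher` and its parameters are assumptions, and both PEM files are assumed to sit in one directory; change notifications are debounced so a renewal that rewrites the chain and the key in two steps triggers a single refresh.

```csharp
using System;
using System.Threading;
using Microsoft.Extensions.FileProviders;
using Microsoft.Extensions.Primitives;

// Added example: CertificateRefreshWatcher is a hypothetical helper, not part of the library.
public sealed class CertificateRefreshWatcher : IDisposable
{
    private readonly TlsCertificateLoader.TlsCertificateLoader _loader;
    private readonly string[] _additionalHostNames;
    private readonly PhysicalFileProvider _provider;
    private readonly Timer _debounce;
    private readonly IDisposable _subscription;

    // certificateDirectory, quietPeriod and additionalHostNames are assumptions of this example.
    public CertificateRefreshWatcher(TlsCertificateLoader.TlsCertificateLoader loader,
        string certificateDirectory, TimeSpan quietPeriod, params string[] additionalHostNames)
    {
        _loader = loader;
        _additionalHostNames = additionalHostNames;
        _provider = new PhysicalFileProvider(certificateDirectory);
        _debounce = new Timer(_ => Refresh(), null, Timeout.InfiniteTimeSpan, Timeout.InfiniteTimeSpan);
        // Every change restarts the quiet period, so the chain and key are read
        // only after the renewal tool has stopped touching the directory.
        _subscription = ChangeToken.OnChange(
            () => _provider.Watch("*.pem"),
            () => _debounce.Change(quietPeriod, Timeout.InfiniteTimeSpan));
    }

    private void Refresh()
    {
        try
        {
            _loader.RefreshDefaultCertificates();
            foreach (string hostName in _additionalHostNames)
                _loader.RefreshAdditionalCertificates(hostName);
        }
        catch (Exception ex)
        {
            // An unhandled exception on a timer thread terminates the process.
            Console.Error.WriteLine($"Certificate refresh failed: {ex.Message}");
        }
    }

    public void Dispose()
    {
        _subscription.Dispose();
        _debounce.Dispose();
        _provider.Dispose();
    }
}
```

Keep the watcher instance alive for the lifetime of the host (for example as a singleton) and dispose it on shutdown.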
There are overloaded methods as well that allow you to specify a password for the private key.
tlsCertificateLoader.AddAdditionalCertificates("www.mydomain.tld", fullChainWwwPemFilePath, privateKeyWwwPemFilePath, privateKeyPassword);
If you want to add more than just one additional certificate you can use a different overload as well.
services.AddTlsCertificateLoader(
    new Certificate("mydomain.tld", "/etc/letsencrypt"),
    [
        new Certificate("mydomain.tld", "/etc/letsencrypt"),
        new Certificate("db.mydomain.tld", "/etc/letsencrypt"),
        new Certificate("server.mydomain.tld", "/etc/letsencrypt")
    ]);
A sample project using Certbot is available.
Usage with Certbot middleware
Refer to the sample project using Certbot using middleware.
Credits
David Fowler for this idea.
