Compatibility with HTTP/3 #228

Open
MarkCiliaVincenti opened this issue Nov 1, 2021 · 14 comments
Labels: external (External to this project, so beyond my control), question

@MarkCiliaVincenti

Has this been tested with HTTP/3 yet please? I'm running into issues whereby the application shuts down if I try enabling HTTP/3.

@natemcmaster added the more-info-needed label (Further information is requested) on Nov 2, 2021

@natemcmaster
Owner

No, it hasn't been tested. Please share more details about the error and how to reproduce the issue.

@MarkCiliaVincenti
Author

I tried but failed to debug the issue. I worked around it by creating https://github.com/MarkCiliaVincenti/LetsNotWorryHowToEncrypt

This is basically a Kestrel service that listens on port 80, uses LettuceEncrypt, exporting the .pfx to the domain name requested and permanently redirecting any HTTP traffic on port 80 to HTTPS.

Then in my actual Kestrel app I just give it the path of the created pfx files, and there I can use HTTP/3.

@no-response bot removed the more-info-needed label (Further information is requested) on Nov 3, 2021

@Tratcher
Contributor

Tratcher commented Nov 3, 2021

Interesting, we had this working in our HTTP/3 test setup, though I guess we didn't have an http/80 endpoint.
https://github.com/sebastienros/dotnet-http3/blob/2db113755ad2adf1ebcf151721a18805e9539c67/Program.cs#L17-L22

@natemcmaster
Owner

Thanks for the description. https://github.com/MarkCiliaVincenti/LetsNotWorryHowToEncrypt returns HTTP 404 for me so I don't have a repro yet. @Tratcher's comment makes me think that LettuceEncrypt should be working, but I'll leave this open in case anyone can provide a minimal repro of the problem.

@MarkCiliaVincenti
Author

MarkCiliaVincenti commented Nov 13, 2021 via email

@MarkCiliaVincenti
Author

MarkCiliaVincenti commented Nov 13, 2021

> Interesting, we had this working in our HTTP/3 test setup, though I guess we didn't have an http/80 endpoint.
> https://github.com/sebastienros/dotnet-http3/blob/2db113755ad2adf1ebcf151721a18805e9539c67/Program.cs#L17-L22

Are you sure this works? I tried it (without using Docker, admittedly) on Ubuntu 20.04 (with libmsquic installed of course) and got the following:

```
info: LettuceEncrypt.Internal.AcmeClient[0]
      Using certificate authority https://acme-v02.api.letsencrypt.org/directory
Unhandled exception. System.NotSupportedException: The OnAuthenticate callback is not supported with HTTP/3.
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.CreateHttp3Options(HttpsConnectionAdapterOptions httpsOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.TransportManager.BindAsync(EndPoint endPoint, MultiplexedConnectionDelegate multiplexedConnectionDelegate, ListenOptions listenOptions, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.<>c__DisplayClass30_0`1.<<StartAsync>g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.EndpointsStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
   at Microsoft.AspNetCore.Builder.WebApplication.Run(String url)
   at Program.<Main>$(String[] args) in C:\Users\user\Source\Repos\dotnet-http3\Program.cs:line 31
```

And that's besides the other problem that it doesn't send the full chain as per #229

@natemcmaster added the external label (External to this project, so beyond my control) on Nov 29, 2021

@ghost

ghost commented Nov 11, 2022

Same issue. .NET 7, latest version everything

@SajjadToomari

Any updates?

@MarkCiliaVincenti
Author

> Any updates?

Use https://github.com/MarkCiliaVincenti/Tlscertificateloader with Certbot.

@judilsteve

judilsteve commented Mar 21, 2023

I am also experiencing this issue, with the same error message of "The OnAuthenticate callback is not supported with HTTP/3".

The error message suggests that LettuceEncrypt will need to be reworked somewhat to avoid using that callback if it is to support HTTP/3.

The source code throwing the exception can be viewed here: https://source.dot.net/#Microsoft.AspNetCore.Server.Kestrel.Core/Middleware/HttpsConnectionMiddleware.cs,507

Dotnet 7, libmsquic 2.1.7, Ubuntu Server 22.04.1 (arm64).
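
The error quoted above is Kestrel rejecting an HTTPS endpoint that has an OnAuthenticate callback once HTTP/3 is enabled; the workaround described earlier in the thread avoids it by handing the main app a plain certificate file. That main app, as an added example that is not code from this thread or from LettuceEncrypt; the PFX path, the `Tls:PfxPath` configuration key, the `CERT_PFX_PASSWORD` variable and port 443 are assumptions:

```csharp
// Added example: main Kestrel app serving HTTP/3 from an exported PFX.
// The path, config key, environment variable and port are assumptions.
using Microsoft.AspNetCore.Server.Kestrel.Core;

var builder = WebApplication.CreateBuilder(args);

// Assumed location where the separate port-80 ACME service exported the certificate.
var pfxPath = builder.Configuration["Tls:PfxPath"]
              ?? "/etc/myapp/certs/example.com.pfx";
// Keep the PFX password out of source control; null means an unprotected file.
var pfxPassword = Environment.GetEnvironmentVariable("CERT_PFX_PASSWORD");

// Fail early with a clear message instead of a bind-time exception.
if (!File.Exists(pfxPath))
{
    throw new FileNotFoundException(
        "Certificate file not found; the ACME service must export it first.", pfxPath);
}

builder.WebHost.ConfigureKestrel(kestrel =>
{
    kestrel.ListenAnyIP(443, listen =>
    {
        // HTTP/3 runs over QUIC; HTTP/1.1 and HTTP/2 stay enabled as fallback.
        listen.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;

        // Static certificate only. No OnAuthenticate callback is configured,
        // which is the option Kestrel refuses on an HTTP/3 endpoint.
        listen.UseHttps(pfxPath, pfxPassword);
    });
});

var app = builder.Build();
app.MapGet("/", () => "served with a file-based certificate");
app.Run();
```

`UseHttps(path, password)` loads the certificate once at startup, so a renewed PFX takes effect only after the app restarts.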

@ArnimSchinz

I hope this issue gets addressed, since I do not want to change to certbot again, but this is keeping me from using HTTP3 for quite some time now.

@MarkCiliaVincenti
Author

> I hope this issue gets addressed, since I do not want to change to certbot again, but this is keeping me from using HTTP3 for quite some time now.

Have you tried using https://github.com/MarkCiliaVincenti/Tlscertificateloader ?

@ArnimSchinz

Without digging in too deep: Is it possible to combine both, so I must never even once use certbot?

@MarkCiliaVincenti
Author

> Without digging in too deep: Is it possible to combine both, so I must never even once use certbot?

No, this library will not do renewals for you. But there are other .NET libraries that just do the renewals for you. I created this project for personal use but made it public so that others could use it. Personally, I used certbot and set it once and forgot about it.
