Docker – Unable to configure ASP.NET HTTPS endpoint in Windows docker container

By | October 14, 2023

Getting this error when running ASP.NET Core in Windows docker container…

    Unhandled Exception: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.

I was able to get this to work…

    RUN dotnet dev-certs https

But I want to install an actual certificate…for now a self-signed certificate but later a real one.

So based on a blog post titled “Import and bind an SSL cert in a Windows container using Powershell”, I created the following PS script to run in the container build…

    Import-PfxCertificate -FilePath C:\Certificates\xxx.pfx -Password (ConvertTo-SecureString -String "xxxx" -AsPlainText -Force) `
    -CertStoreLocation "Cert:\LocalMachine\My"

    $cert = (Get-ChildItem -Path cert:\LocalMachine\My -DNSName "xxx.mydomain.com")[0]

    $thumb = ($cert | Select-Object Thumbprint)."Thumbprint"
    $guid = [guid]::NewGuid().ToString("B")

    netsh http add sslcert ipport=0.0.0.0:5001 certhash=$thumb certstorename=MY appid="$guid"

This builds fine and seems to install the certificate. But I get the exception when I try to run the container. I tried using 443 instead of 5001, same error.

Here is my docker file for reference…

    # escape=`
    FROM xxx/base
    EXPOSE 5000
    EXPOSE 5001
    COPY testing/ /testing
    COPY service/ /Service
    COPY certificates/ /certificates
    COPY scripts/ /scripts

    # install certificates

    RUN scripts/Install-Container-Certificate.ps1

    # configure ASP.NET Core

    ENV ASPNETCORE_URLS http://+:80;https://+:443
    EXPOSE 80
    EXPOSE 443
    # RUN dotnet dev-certs https
    # start ASP.NET Core

    ENTRYPOINT ["dotnet","/Service/xxxService.dll"]

What am I doing wrong?

If you want to run in Development using a self-signed certificate, you might follow here article. For Production scenarios instead here.

In a nutshell, the suggested approach differs from the one you are using as two volumes could be mounted referencing the folders containing your certificate and your dotnet secrets.

You would map your host “%USER%\.aspnet\https” folder to your guest “/root/.aspnet/https/” and your host “%APPDATA%\microsoft\UserSecrets” folder to your guest “/root/.microsoft/usersecrets”.

The main difference between Production and Development is that in Production you would not use secrets and you will need to pass the folder containing your certificate and the password to access it using the environment variables:

  • ASPNETCORE_Kestrel__Certificates__Default__Path
  • ASPNETCORE_Kestrel__Certificates__Default__Password

Kestrel will go looking on your Linux guest in the “/root/.aspnet/https/” folder for a certificate that has the same name as your project.

If I enable tracing using your appsettings.Development.json:


      "Logging": {
        "LogLevel": {
          "Default": "Trace",
          "System": "Trace",
          "Microsoft": "Trace"
        }
      }

I see the error below shown if I start running my sample app without a certificate mounted in the guest container:


    root@7afc71f877ce:/app# dotnet helloworld.dll
    dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
          Hosting starting
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
          Failed to locate the development https certificate at '/root/.aspnet/https/helloworld.pfx'.
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[1]
          Unable to locate an appropriate development https certificate.
    crit: Microsoft.AspNetCore.Server.Kestrel[0]
          Unable to start Kestrel.
    System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

Hope it helps.
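
The Production approach described in the answer, adapted to a Windows container, as an added example that is not part of the original question or answer: the PFX is mounted at run time and Kestrel is pointed at it with the two environment variables, so neither the certificate nor its password ends up in an image layer. The image tag `xxx/service`, the file name `service.pfx`, the guest folder `C:\https` and the published host ports are assumptions.

```powershell
# Added example, run on the Docker host. Names marked "assumed" are placeholders.
$image   = 'xxx/service'                                  # assumed image tag
$dnsName = 'xxx.mydomain.com'
$certDir = Join-Path $env:USERPROFILE '.aspnet\https'     # host folder to mount
$pfxPath = Join-Path $certDir 'service.pfx'               # assumed file name
$pwVar   = 'ASPNETCORE_Kestrel__Certificates__Default__Password'

New-Item -ItemType Directory -Path $certDir -Force | Out-Null

# Prompt for the PFX password instead of hard-coding it in a build script.
$securePw = Read-Host -AsSecureString -Prompt 'PFX password'

# Self-signed certificate for testing; replace the PFX with a CA-issued one later.
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation 'Cert:\CurrentUser\My'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $securePw | Out-Null

# Put the password in the host environment so "-e NAME" (no value) forwards it
# without it appearing on the docker command line. It is still visible to anyone
# who can run "docker inspect" on the container.
$plainPw = [System.Net.NetworkCredential]::new('', $securePw).Password
Set-Item -Path "Env:\$pwVar" -Value $plainPw

try {
    # Kestrel loads the PFX named by these variables. It does not consult
    # "netsh http add sslcert" bindings, which belong to HTTP.sys.
    docker run --rm -p 8080:80 -p 8443:443 `
        -v "${certDir}:C:\https" `
        -e 'ASPNETCORE_URLS=https://+:443;http://+:80' `
        -e 'ASPNETCORE_Kestrel__Certificates__Default__Path=C:\https\service.pfx' `
        -e $pwVar `
        $image
}
finally {
    # Remove the password from the host session once the container exits.
    Remove-Item -Path "Env:\$pwVar" -ErrorAction SilentlyContinue
    $plainPw = $null
}
```

With this in place the `COPY certificates/` and certificate-install `RUN` steps are no longer needed in the Dockerfile.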
