Aspnetcore: Add support for LetsEncrypt certificate acquisition and rotation in Kestrel

Created on 1 Oct 2018 · 14 Comments · Source: dotnet/aspnetcore

Original issue: https://github.com/aspnet/Home/issues/1190

cc @blowdart

meeting developer expectations affected-medium area-servers enhancement servers-kestrel severity-nice-to-have

All 14 comments

Thx for creating this issue! Some feature requests:

  • It should be possible to use the Let's Encrypt staging server for dev purposes
  • It should be possible to create wildcard certificates
  • The certificate storage should be pluggable and support multi-instance scenarios
  • There should be an Azure Key Vault storage provider

BTW one option to consider is making sure that Kestrel has any/all required hooks for this to be community-implemented (and maybe that's already the case).

The SNI callback added in 2.1 should be all that's needed to plug in a separate implementation. @natemcmaster did your prototype need any additional hooks?

No, but I had to write some code that felt ugly in order to set the SNI callback to use a method on a service from DI.

See https://github.com/natemcmaster/LetsEncrypt/blob/6e5d6d96b20ed2302bfe9bfb5afe3b30d0307488/src/McMaster.AspNetCore.LetsEncrypt/Internal/KestrelOptionsSetup.cs
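The wiring the comment above describes, an SNI callback on Kestrel that delegates to a service resolved from DI, as an added example that is not the linked project's code. `ICertificateSource`, `InMemoryCertificateSource` and `KestrelCertificateSetup` are hypothetical names; the wildcard fallback reflects the wildcard request in the feature list above, and the `ServerCertificateSelector` / `ConfigureHttpsDefaults` API is the one Kestrel has shipped since 2.1.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Connections;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.Extensions.Options;

// Hypothetical certificate source: whatever service owns the acquired certificates
// (an in-memory map here; a real provider would add renewal and pluggable storage).
public interface ICertificateSource
{
    X509Certificate2 GetCertificate(string hostName);
}

public sealed class InMemoryCertificateSource : ICertificateSource
{
    private readonly ConcurrentDictionary<string, X509Certificate2> _certs =
        new ConcurrentDictionary<string, X509Certificate2>(StringComparer.OrdinalIgnoreCase);
    public void Set(string hostName, X509Certificate2 cert) => _certs[hostName] = cert;

    public X509Certificate2 GetCertificate(string hostName)
    {
        if (string.IsNullOrEmpty(hostName)) return null;   // client sent no SNI
        if (_certs.TryGetValue(hostName, out var cert)) return cert;
        // Fall back to a wildcard entry covering the parent domain (one label only).
        var dot = hostName.IndexOf('.');
        if (dot > 0 && _certs.TryGetValue("*" + hostName.Substring(dot), out cert)) return cert;
        return null;   // unknown host: no certificate, so the TLS handshake fails
    }
}

// Kestrel resolves IConfigureOptions<KestrelServerOptions> from DI, so the setup class
// can take the certificate source by constructor injection and install the callback.
public sealed class KestrelCertificateSetup : IConfigureOptions<KestrelServerOptions>
{
    private readonly ICertificateSource _source;
    public KestrelCertificateSetup(ICertificateSource source) => _source = source;

    public void Configure(KestrelServerOptions options)
    {
        options.ConfigureHttpsDefaults(https =>
        {
            https.ServerCertificateSelector =
                (ConnectionContext ctx, string sniName) => _source.GetCertificate(sniName);
        });
    }
}

// Registration in Startup.ConfigureServices:
//   services.AddSingleton<ICertificateSource, InMemoryCertificateSource>();
//   services.AddSingleton<IConfigureOptions<KestrelServerOptions>, KestrelCertificateSetup>();
```

Returning null from the selector rejects the handshake instead of serving a certificate for the wrong name, which is the safe failure mode when a host is not yet provisioned.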

Yeah, I wouldn't want an end user to have to write that code but it looks reasonable if a LetsEncrypt implementation provided it.

We could make the selector an interface instead of just being a delegate.

And auto-resolve it from DI? The selector needs to be uniquely assignable per endpoint.

I'd like, if this goes ahead, to request support of the X-Path-* headers so that even if you're running Kestrel inside a container, behind a load balancer, behind a proxy it can still get the right certificate.

Is there any news on this e.g. for ASP.NET Core 3?

@SommerEngineering this is not planned for ASP.NET Core 3 as a built-in feature, but we are considering options around having a proper sample and documentation that demonstrates how to do this.

That would be amazing @Eilon!

This would be amazing. Please prioritise this. HTTPS is not easy at the moment with Kestrel.

I cleaned up the prototype that I wrote last year and have decided to release this to the public as a personal project. It works with ASP.NET Core 2.1, 2.2, and 3.0. Hopefully someone will find this useful.

https://github.com/natemcmaster/LetsEncrypt

I plan to experiment with the proposed library ASAP. Thank you @natemcmaster. I guess the best would be your library goes like JSON.NET which is not part of core but basically de facto standard.

For the time being, I would like to elaborate on our needs.

The company I work for is transitioning from embedded development to IoT. We do not have specific security professionals in house. We need to secure _edge servers_ so it is my understanding wildcards are critical to us.

Looking at how this issue goes on.
