
I've got a gateway stateless service which serves as an entry point to my Service Fabric cluster. It's secured using a Let's Encrypt SSL certificate. It is set in the service startup like below:

```csharp
return new WebHostBuilder()
    .UseKestrel(opt =>
    {
        int port = serviceContext.CodePackageActivationContext
                                 .GetEndpoint("ServiceEndpoint")
                                 .Port;
        opt.Listen(IPAddress.IPv6Any, port, listenOptions =>
        {
            listenOptions.UseHttps(GetCertificateFromStore());
            listenOptions.NoDelay = true;
        });
    })
```

Now I would like to automatically renew such a certificate. I've got re-fetch logic in place and I can replace it in the key vault easily. However, I have no idea how to replace it in the running application, especially since Service Fabric seems not to have any mechanism to 'restart' a service. I'd be grateful for any suggestions.

micahmckittrick
  • Eventually we didn't find a way to replace a certificate in the running application. We used `FaultManager.RestartDeployedCodePackageAsync` method to restart a running service. – Maciej Kosarzecki Sep 25 '19 at 08:07
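
One way to serve a renewed certificate without restarting the process, as an added example that is not from the original post: it assumes ASP.NET Core 2.1 or later, where Kestrel's HTTPS options expose `ServerCertificateSelector`. `RotatingCertificate`, `GatewayHost` and `UseRotatingHttps` are hypothetical names, and the renewal job is assumed to call `Replace` after fetching the new certificate.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using Microsoft.AspNetCore.Hosting;

// Hypothetical holder for the certificate currently being served.
public sealed class RotatingCertificate
{
    private X509Certificate2 _current;

    public RotatingCertificate(X509Certificate2 initial) => _current = Check(initial);

    public X509Certificate2 Current => Volatile.Read(ref _current);

    // Called by the renewal job after the new certificate has been fetched.
    // The previous instance is not disposed here because handshakes that are
    // already in flight may still be using it.
    public void Replace(X509Certificate2 renewed) =>
        Interlocked.Exchange(ref _current, Check(renewed));

    // Refuse anything Kestrel could not serve, so a bad renewal never
    // displaces a working certificate.
    private static X509Certificate2 Check(X509Certificate2 cert)
    {
        if (cert == null) throw new ArgumentNullException(nameof(cert));
        if (!cert.HasPrivateKey)
            throw new ArgumentException("Certificate has no private key.", nameof(cert));
        DateTime now = DateTime.Now; // NotBefore/NotAfter are expressed in local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new ArgumentException("Certificate is outside its validity period.", nameof(cert));
        return cert;
    }
}

public static class GatewayHost
{
    // Same listener address as in the question, but the certificate is looked
    // up on every TLS handshake instead of being captured once at startup.
    public static IWebHostBuilder UseRotatingHttps(
        this IWebHostBuilder builder, int port, RotatingCertificate certificates) =>
        builder.UseKestrel(opt =>
            opt.Listen(IPAddress.IPv6Any, port, listenOptions =>
                listenOptions.UseHttps(https =>
                {
                    https.ServerCertificateSelector =
                        (connection, hostName) => certificates.Current;
                })));
}
```

Connections that are already established keep the certificate they negotiated with; only new handshakes see the replacement.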

0 Answers