Awesome Open Source
Awesome Open Source

Let's Encrypt C# library

NuGet NuGet

Solution consist of 2 projects:

  • LetsEncrypt.Client (.Net Standard Library - available as nuget package)
  • LetsEncrypt.ConsoleApp (.Net Core Console application)


LetsEncrypt.Client is simple and straightforward C# implementation of ACME client for Let's Encrypt certificates. Library is based on .NET Standard 2.1+. It uses Let's Encrypt v2 API and this library is primary oriented for generation of wildcard certificates as .pfx.


LetsEncrypt.ConsoleApp is C# implementation|usage of previous LetsEncrypt.Client library based on .NET Core 3.1. It is simple console application which generates Let's Encrypt certificates.



Add LetsEncrypt.Client as nuget package (or manual .dll reference) to your project.

First step is to create client object to specific environment (staging or production ... use staging environment first to avoid rate limits):

var acmeClient = new AcmeClient(ApiEnvironment.LetsEncryptV2Staging);

... and let's start:


Create new account:

var account = await acmeClient.CreateNewAccountAsync("[email protected]");


When you want to generate wildcard certificate, I recommend to specify these 2 identifiers: and * as follows:

var order = await acmeClient.NewOrderAsync(account, new List<string> { "", "*" });


Wildcard certificates must by authorized by DNS challenge only. So go one by one and create DNS TXT record.

var challenges = await acmeClient.GetDnsChallenges(account, order);

foreach (var challenge in challenges)
    var dnsText = challenge.VerificationValue;
    // value can be e.g.: eBAdFvukOz4Qq8nIVFPmNrMKPNlO8D1cr9bl8VFFsJM

    // Create DNS TXT record e.g.:
    // key: 
    // value: eBAdFvukOz4Qq8nIVFPmNrMKPNlO8D1cr9bl8VFFsJM
Example no.1:

You want to generate simple certificate for:


DNS TXT must contains 1 record:

  • key:, value : dnsText of challenge for
Example no.2:

You want to generate simple certificate with these subject names:


DNS TXT must contains 2 records :

  • key:, value : dnsText of challenge for
  • key:, value : dnsText of challenge for
Example no.3:

You want to generate wildcard certificate with these subject names:

  • *

DNS TXT must contains 2 records:

  • key:, value : dnsText of challenge for
  • key:, value : dnsText of challenge for *

Yes, * has the same key as !!!


All challenges must be validated:

foreach (var challenge in challenges)
    // Do a validation
    await acmeClient.ValidateChallengeAsync(account, challenge);

    // Verify status 
    var freshChallenge = await acmeClient.GetChallengeAsync(account, challenge);
    if (freshChallenge.Status == ChallengeStatus.Invalid)
        throw new Exception("Something is wrong with your DNS TXT record(s)!");


Finally, generate certificate:

var certificate = await acmeClient.GenerateCertificateAsync(account, order, "");
var password = "YourSuperSecretPassword";

// Generate certificate in pfx format
var pfx = certificate.GeneratePfx(password);

// Generate certificate in crt format
var crt = certificate.GenerateCrt(password);

// Generate certificate in PEM format 
var crtPem = certificate.GenerateCrtPem(password);

// Generate certificate private key in PEM format 
var keyPem = certificate.GenerateKeyPem();

Enjoy! Any feedback is highly appreciated!


Add your correct values to .config file :

<?xml version="1.0" encoding="utf-8" ?>
        <add key="ContactEmail" value="[email protected]" />
        <add key="Domains" value=", *" />
        <add key="CertificateFileName" value="" />
        <add key="CertificatePassword" value="YourSuperSecretPassword" />

and run console application LetsEncrypt.ConsoleApp.exe


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
C Sharp (279,380
Dotnet (7,800
Letsencrypt (899
Certificate (886
Related Projects