ACME (Let's Encrypt Protocol) Component for Delphi v1.3 Source
The TExecuteACME component lets you request a "Let's Encrypt" certificate for your domain. The component supports the HTTP Challenge: you can use a self-hosted web server (TidHTTPServer) to validate the certificate, or use the OnHttpChallenge event to store the challenge reply on your website. In both cases you need to manage the domain's HTTP (not HTTPS) server.
Installation
This component is compatible with Delphi Berlin 10.1, Tokyo 10.2.3, Rio 10.3 and Sydney 10.4.2 (even the Community Edition).
New: this repository contains Sydney-compatible DCUs (Win32, Win64 and Linux) for testing purposes only; they accept only the Staging environment.
Download the repository
Open ACMEGroup.groupproj
Right click on the project "Execute.ACMEDesign.bpl" and install it
Select the ACMEDemo project
Compile and run the Application
The application requires OpenSSL (for Windows: libeay32.dll and ssleay32.dll). On the first start, the application can create Account.key and Domain.key for you (generating a 4096-bit key takes some time; this is normal).
Account.key will be your Let's Encrypt account private key; keep it in a safe place (with a password).
Domain.key is the private key for the domain (same recommendations).
If you get an error like "SSL routines:ssl3_read_bytes:tlsv1 alert protocol version", you should update the component to version 1.4. The component used Indy sockets, but TLS 1.3 is not supported, so in version 1.4 I've switched to System.Net.HTTPClient.
How does it work?
1. Registration request
TExecuteACME.RegisterDomain();
-> Account.key -> register a Let's Encrypt account.
-> Domain.key -> send a Certificate Signing Request.
-> OnHttpChallenge -> store the challenge Token & Thumbprint.
-> OnDone -> the certificate is not ready yet, try later.
2. HTTP Challenge
Let's Encrypt -> http://(domain)/.well-known/acme-challenge/(token) <- Thumbprint
3. Retrieve the certificate
TExecuteACME.FinalizeDomain();
-> Account.key -> Retrieve account status.
-> Domain.key -> Retrieve the Certificate from Let's Encrypt.
-> OnCertificate -> store the updated certificate.
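An added example (not the component's own code) of what an OnHttpChallenge handler can do with the token and reply from step 1 so that the request in step 2 finds them: it checks the token before using it as a file name, then writes the reply under the web root. IsSafeToken, StoreChallenge and the sample values are hypothetical, and the event's actual signature is not shown on this page.

```delphi
program StoreAcmeChallenge;
{$APPTYPE CONSOLE}

uses
  System.SysUtils, System.IOUtils;

// Hypothetical helper (not part of TExecuteACME): True only for a non-empty
// token made of base64url characters, so it cannot contain '/', '\' or '..'.
function IsSafeToken(const Token: string): Boolean;
var
  C: Char;
begin
  Result := Token <> '';
  for C in Token do
    if not CharInSet(C, ['A'..'Z', 'a'..'z', '0'..'9', '-', '_']) then
      Exit(False);
end;

// Hypothetical helper: writes the reply where the validation request
// http://(domain)/.well-known/acme-challenge/(token) will look for it.
// Assumption: Reply is the exact text to serve (the page's "Thumbprint").
function StoreChallenge(const WebRoot, Token, Reply: string): string;
var
  Dir: string;
begin
  if not IsSafeToken(Token) then
    raise EArgumentException.Create('Rejected challenge token');
  Dir := TPath.Combine(TPath.Combine(WebRoot, '.well-known'), 'acme-challenge');
  ForceDirectories(Dir);
  Result := TPath.Combine(Dir, Token);
  // TEncoding.ASCII has no preamble, so the file is served without a BOM.
  TFile.WriteAllText(Result, Reply, TEncoding.ASCII);
end;

begin
  try
    // Constructed sample values, not real ACME data.
    Writeln(StoreChallenge(TPath.GetTempPath, 'sample-token_123', 'sample-reply'));
    // A token that tries to leave the challenge directory is refused.
    StoreChallenge(TPath.GetTempPath, '..\..\web.config', 'x');
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
```

Delete the challenge file once FinalizeDomain has returned the certificate, so stale replies do not accumulate under the web root.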
Version 1.3
Support for 64-bit and Linux
Support for synchronous calls with *Now methods