ASP.NET Core with Docker over HTTPS using User Secrets

Question

I am trying to replicate a sample from Microsoft: Developing ASP.NET Core Applications with Docker over HTTPS, but it fails to start, because it cannot find the certificate passed via user secrets. Here are the steps to reproduce (or just follow the link to the sample above):

1. Clone the repository from https://github.com/dotnet/dotnet-docker/ and switch to the sample in the folder samples\aspnetapp

2. (Remove existing dev certs via dotnet dev-certs https --clean)

3. Create new app certificate with password testtest

   dotnet dev-certs https -ep $env:USERPROFILE\.aspnet\https\aspnetapp.pfx -p testtest
   dotnet dev-certs https --trust
   

4. Configure application secret for the certificate with same password testtest

   dotnet user-secrets init -p aspnetapp\aspnetapp.csproj    
   dotnet user-secrets -p aspnetapp\aspnetapp.csproj set "Kestrel:Certificates:Development:Password" "testtest"
   

   The first line adds the UserSecretsId tag to aspnetapp.csproj:

   <UserSecretsId>0d63114d-ac72-4327-96ef-7086a1c48fa6</UserSecretsId>

   It also creates a secrets.json file within %APPDATA%\microsoft\UserSecrets\0d63114d-ac72-4327-96ef-7086a1c48fa6\

   This is the secrets.json content:

   {
     "Kestrel:Certificates:Development:Password": "testtest"
   }
   

5. Build container image

   docker build --pull -t aspnetapp .
   

   Until here eveythings works as expected.

6. Start the docker container passing the secrets:

   docker run --rm -it -p 8001:8001 -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_ENVIRONMENT=Development -v $env:APPDATA\microsoft\UserSecrets\:/root/.microsoft/usersecrets -v $env:USERPROFILE\.aspnet\https:/root/.aspnet/https/ aspnetapp

   This does not work, it does not find the certificate:

   fail: Microsoft.Extensions.Hosting.Internal.Host[11]
     Hosting failed to start
     System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
     To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
   

---

When I pass the certificate password via environment variable to docker run, it will start as expected and exposes the service via https:

docker run --rm -it -p 8001:8001 -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="testtest" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v $env:USERPROFILE\.aspnet\https:/https/ mcr.microsoft.com/dotnet/samples:aspnetapp

---

This is the dockerfile:

FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETARCH
WORKDIR /source

# copy csproj and restore as distinct layers
COPY aspnetapp/*.csproj .
RUN dotnet restore -a $TARGETARCH

# copy and publish app and libraries
COPY aspnetapp/. .
RUN dotnet publish -a $TARGETARCH --no-restore -o /app


# final stage/image
FROM mcr.microsoft.com/dotnet/aspnet:8.0
EXPOSE 8080
WORKDIR /app
COPY --from=build /app .
USER $APP_UID
ENTRYPOINT ["./aspnetapp"]

---

Is there anything I am missing in the sample? What do I have to change for Asp.Net Core to be able to use the certificate using user secrets in the docker container?

Additional question: After development works, I am wondering what needs to change for production. I will have a letsencrypt certificate, that I would prefer to use via a volume.