Let’s Encrypt on Google App Engine


Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). It is a pretty awesome initiative to provide free SSL certificates to make creating a secure website easier.

 


Here’s how to use it with App Engine. I used Google Cloud Shell to run these commands.

1. Download the letsencrypt client script using git clone:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

You will now have a letsencrypt folder containing the client files.

2. Generate a certificate using letsencrypt:

sudo ./letsencrypt-auto -a manual certonly

3. Complete the challenge-and-response verification of the ownership of your domain.

You’ll see something like this on your console terminal:

mhyusufibrahim@myproject-999999:~/letsencrypt$ sudo ./letsencrypt-auto -a manual certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’ to cancel): www.mydomain.com

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.mydomain.com


NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you’re running certbot in manual mode on a machine that is not your server, please ensure you’re okay with that. Are you OK with your IP being logged?

(Y)es/(N)o: Y

Make sure your web server displays the following content at

http://www.mydomain.com/.well-known/acme-challenge/nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM

before continuing:

nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM.qvOvSw_BDrdsxvw_X_ce5IgulKkYBS4BMWrUiaqY4iY

If you don’t have HTTP server configured, you can run the following command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM.qvOvSw_BDrdsxvw_X_ce5IgulKkYBS4BMWrUiaqY4iY > .well-known/acme-challenge/nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
-------------------------------------------------------------------------------

Press Enter to Continue

Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/www.mydomain.com/fullchain.pem. Your cert will expire on 2017-09-26. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
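
The certbot prompt above suggests a Python 2 one-liner for serving the challenge file. As an added example (not part of the original post and not certbot's code), here is a Python 3 WSGI app that answers only the exact challenge path and rejects anything that is not a well-formed token. The function names and the 127.0.0.1:8080 local test address are assumptions; the token and response value are the ones shown in the prompt above.

```python
import re
from wsgiref.simple_server import make_server

# Values copied from the certbot prompt on this page; replace with your own.
TOKEN = "nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM"
KEY_AUTHORIZATION = TOKEN + ".qvOvSw_BDrdsxvw_X_ce5IgulKkYBS4BMWrUiaqY4iY"

PREFIX = "/.well-known/acme-challenge/"
# ACME tokens use only the base64url alphabet, so anything else is rejected.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def lookup(path, challenges):
    """Return (status, body) for a request path; only known tokens get 200."""
    if not path.startswith(PREFIX):
        return "404 Not Found", b""
    token = path[len(PREFIX):]
    if not TOKEN_RE.fullmatch(token):
        # Covers empty tokens and path tricks such as '/', '..' or '%2e'.
        return "400 Bad Request", b""
    value = challenges.get(token)
    if value is None:
        return "404 Not Found", b""
    return "200 OK", value.encode("ascii")


def make_app(challenges):
    """Build a WSGI app answering http-01 requests from a token->value dict."""
    def app(environ, start_response):
        if environ.get("REQUEST_METHOD") != "GET":
            status, body = "405 Method Not Allowed", b""
        else:
            status, body = lookup(environ.get("PATH_INFO", ""), challenges)
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]
    return app


app = make_app({TOKEN: KEY_AUTHORIZATION})

if __name__ == "__main__":
    # Local check only; the address and port are arbitrary for this example.
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Because the response comes from an in-memory dictionary rather than the filesystem, nothing else on the host is exposed while the challenge is pending.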

3. Get your private key.

sudo openssl rsa -inform pem -in /etc/letsencrypt/live/www.mydomain.com/privkey.pem -outform pem | less


4. Get your public key certificate.

sudo less /etc/letsencrypt/live/www.mydomain.com/fullchain.pem

Don’t forget to press Enter to scroll down the text.

 

Keep in mind that /etc/letsencrypt is not persisted through Cloud Shell restarts, so if you need to keep your private key, you can copy it to your home directory or save it.

5. Upload the certificate to Google Cloud.

App Engine -> Settings -> SSL Certificate


The final result
