Let’s Encrypt is free automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). it is a pretty awesome initiative to provide free SSL certificates to make creating a secure website easier.
Let’s Encrypt is a free, automated, and open Certificate Authority.
Here’s how to use it with App Engine. I used Google Cloud Shell to run these commands.
1.Download letsecrypt script client using git clone:
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt
so you will have folder containing files like this:
2.Generate certificate using letsencrypt:
sudo ./letsencrypt-auto -a manual certonly
3.Challenge and response verification the ownership of your domain.
You’ll see something like this on your console terminal:
mhyusufibrahim@myproject-999999:~/letsencrypt$ sudo ./letsencrypt-auto -a manual certonlySaving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’ to cancel): http://www.mydomain.com
Obtaining a new certificate Performing the following challenges: http-01 challenge for http://www.mydomain.com
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you’re running certbot in manual mode on a machine that is not your server, please ensure you’re okay with that. Are you OK with your IP being logged?
Make sure your web server displays the following content at
If you don’t have HTTP server configured, you can run the following command on the target server (as root): mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge cd /tmp/certbot/public_html printf “%s” nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM.qvOvSw_BDrdsxvw_X_ce5IgulKkYBS4BMWrUiaqY4iY > .well-known/acme-challenge/nuHnBaCxYzkvcUQkOEjLhpYgY_umLjdCr4gRkby1YCM # run only once per server: $(command -v python2 || command -v python2.7 || command -v python2.6) -c \ “import BaseHTTPServer, SimpleHTTPServer; \ s = BaseHTTPServer.HTTPServer((”, 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \ s.serve_forever()” ——————————————————————————-
Press Enter to – NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you’re running certbot in manual mode on a machine that is not your server, please ensure you’re okay with that. Are you OK with your IP being logged?
Press Enter to Continue
Waiting for verification…Cleaning up challenges
IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/http://www.mydomain.com/fullchain.pem. Your cert will expire on 2017-09-26. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run “letsencrypt-auto renew” – If you like Certbot, please consider supporting our work by: Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
3.Get your private key.
sudo openssl rsa -inform pem -in /etc/letsencrypt/live/www.mydomain.com/privkey.pem -outform pem | less
4.Get your public key certificate.
sudo less /etc/letsencrypt/live/
Keep in mind that
/etc/letsencryptis not persisted through Cloud Shell restarts, so if you need to keep your private key, you can copy it to your home directory or save it.
5.Upload the certificate to the Google Cloud.
App Engine -> Settings -> SSL Certificate
The final result