Home Blog CV Projects Patterns Notes Book Colophon Search

Lets Encrypt on Google App Engine

11 Nov, 2016

Let's imagine you are getting a certificate for jimmyg.org.

brew install letsencrypt
sudo certbot certonly --manual

Enter your email, domain and let it know your IP address.

You'll see a message like this:

Make sure your web server displays the following content at
http://jimmyg.org/.well-known/acme-challenge/<code> before continuing:

lP-<code>.<code>

Create the file specified on your server and paste in the code. When you click OK, certbot will ask Lets Encrypt to go and check the file exists with the correct content, and if it does, it will generate the certificates for you.

I like to copy the certificates locally to work with so they don't have root permissions:

sudo cp -pr /etc/letsencrypt/live/jimmyg.org ~/Desktop/
sudo chown -R james ~/Desktop/jimmyg.org

You can now upload the data in App Engine -> Settings -> SSL:

Public Key

Choose fullchain.pem as your public key.

Private Key

You’ll need to modify your private key:

openssl rsa -in privkey.pem > privkey-rsa.pem

Choose privkey-rsa.pem as your private key.

Every 3 months you'll need to do this again.

Here's a screenshot:

GAE SSL Centre

Copyright James Gardner 1996-2020 All Rights Reserved. Admin.