Failed to insert "Google Encryption SSL for Google App Engine"

When I try to "Add a new SSL certificate" with the "App Engine Settings" tab, which was generated using the "Allow encryption using the Google App Engine console", a dialog box error occurs and a 400 response to the POST request.


The error "The provided SSL certificate could not be inserted."

Previously generated (about 2 months ago - not yet expired, of course). The SSL key / certificate using the same method is inserted just fine, but none of them are created. I tried both the traditional Let's Encrypt and the relatively new Certbot method. I also tried several subdomains, bare domains, special domains and each result with the same error.

I saw some people note that --rsa-key-size 2048 solved the same problem, but I also tried to specify this (although this is the default value for Certbot as it is). Other answers say “wait 2 hours and now it works”; I am searching for a real solution, because unreliable inserts and outdated certificates can be a real pain.

+2
3 answers

I had similar problems as well as a few weeks ago when trying to upload my new certificate using the same recipe that I successfully used before.

I ended up working at the end:

  • copy the entire contents of the certificate file into the field labeled Or paste the public key certificate in the box below:

and

  • copy only the full key at the end of my .pem private key in the field labeled Or paste the RSA private key in the box below: (although I don't remember exactly if I included the leading lines -----BEGIN RSA PRIVATE KEY----- and trailing -----END RSA PRIVATE KEY----- or not).

I (in some way) made several attempts for each of the two copy-paste operations with what was in my head - the feedback with success / error is immediate.

Side note. You might also want to double check your certificate; in my case the first certificate file I managed to download was incomplete (missing intermediate objects), which seemed to work fine from my desktop, but was unsuccessful when viewing from Android, so I had to re-create another one. I used digicert to confirm the problem and verify the second certificate (of course, the following sentences from the SO answer;)

+1

If you use certbot in Apache, the default is 4096. So the key length is up to 2048.

certbot-auto --rsa-key-size 2048

From the docs: https://certbot.eff.org/docs/using.html

This creates the PEM certificates in the file /etc/letsencrypt/live/example.net

Convert to RSA (change url in cmd to your website).

sudo openssl rsa -inform pem -in /etc/letsencrypt/live/example.net/privkey.pem -outform pem > rsaprivatekey.pem

The above command is from this blog post: http://blog.seafuj.com/lets-encrypt-on-google-app-engine . It also explains how to configure the webapp2 web server.

Go to App Engine > Settings > SSL Certificates

Download fullchain.pem
Download rsaprivatekey.pem

The file download button works fine - there is no need to insert it if it is more secure.

+4

I had this problem. I created certificates in the Google cloud shell.

At first I tried to use fullchain.pem, but that did not work.

/etc/letsencrypt/live/mydomain.com/cert.pem

I ran sudo less /etc/letsencrypt/live/whysaurus.com/cert.pem in Google Cloud Shell and uploaded it as the PEM X.509 certificate in App Engine, and then it was accepted.

0
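
Added example, not part of any answer above: the answers turn on three properties of the files being uploaded (the private key's PEM label, its RSA key size, and how many certificates the certificate file holds), and this Python sketch reports all three before an upload attempt. The function names and the sample data are assumptions made for illustration; the sample is constructed and is not a usable key.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, DER bytes) for every PEM block found in text."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split())))
            for m in PEM_RE.finditer(text)]

def tlv(buf, pos=0):
    """Read one DER element at pos: (tag, value, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def modulus_bits(label, der_bytes):
    """RSA modulus size for a PKCS#1 or unencrypted PKCS#8 key, else None."""
    _, seq, _ = tlv(der_bytes)
    _, _, pos = tlv(seq)               # version INTEGER
    if label == "PRIVATE KEY":         # PKCS#8 wraps the PKCS#1 key in an OCTET STRING
        _, _, pos = tlv(seq, pos)      # AlgorithmIdentifier
        _, inner, _ = tlv(seq, pos)
        _, seq, _ = tlv(inner)
        _, _, pos = tlv(seq)           # inner version INTEGER
    tag, n, _ = tlv(seq, pos)
    return int.from_bytes(n, "big").bit_length() if tag == 0x02 else None

def inspect_upload(cert_pem, key_pem):
    """Summarise what the certificate file and key file actually contain."""
    certs = [b for b in pem_blocks(cert_pem) if b[0] == "CERTIFICATE"]
    keys = [b for b in pem_blocks(key_pem) if b[0] in ("RSA PRIVATE KEY", "PRIVATE KEY")]
    label, body = keys[0] if len(keys) == 1 else (None, None)
    return {"certificates": len(certs), "key_label": label,
            "key_bits": modulus_bits(label, body) if label else None}

def der(tag, value):  # minimal DER encoder, only used to build the sample below
    n, k = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + value

def pem(label, body):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(body).decode()}-----END {label}-----\n"

# Constructed sample (structure only, not a usable key): 4096-bit modulus, two certificates.
SAMPLE_KEY = pem("RSA PRIVATE KEY", der(0x30, der(0x02, b"\x00") + der(0x02, b"\x00" + b"\xc3" * 512)))
SAMPLE_CHAIN = pem("CERTIFICATE", b"leaf") + pem("CERTIFICATE", b"intermediate")
```

Calling `inspect_upload(SAMPLE_CHAIN, SAMPLE_KEY)` returns the certificate count, key label and key size; on real files, pass the text of the certificate file and of the key file.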

Source: https://habr.com/ru/post/1245885/
