All geek questions in one place

Creating SSL Certificates for the Google App Engine Using ZeroSSL and Encryption

I am trying to install ssl certificates created using the ZeroSSL.com page for Let Encrypt on the Google Cloud Platform. I did it to do it. The ZeroSSL page generates four files in the process: domain-crt.txt domain-Key.txt account-Key.txt domain-csr.txt

Google Cloud Platform asks for two files: PEM-encoded X.509 public key certificate. Unencrypted PEM-encoded RSA private key

I made all the combinations and followed all the offers that I could find on the Internet, but I was not successful.

+4
source share
2 answers

zeroSSL, .

SSL 4096 , Google 2048 . CSR, CSR Generator https://zerossl.com/free-ssl/#csr , 2048 . CSR ( , , LE), LE, , CSR SSL. domain-crt.txt . --- BEGIN CERTIFICATE ----- --- END CERTIFICATE ----- " ". , domain-key.txt " ".

+5

:

Certbot:

$ sudo brew install wget
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto
$ ./certbot-auto --help

, cert:

$ cd certbot (if not already there)
$ sudo ./certbot-auto certonly --debug -a manual -d www.yoursite.com -d yoursite.com (<--if you want naked too.)

, URL- , . . URL- . ( .) , www, URL- , . , :

  • ! /etc/letsencrypt/live/www.yoursite.com/fullchain.pem. 2016 -xx-07. , certbot-auto . , "certbot-auto renew"

, pem:

$ cd /private/etc/letsencrypt/live/www.yoursite.com

( , GAE. , privkey.pem):

$ sudo openssl rsa -in privkey.pem -out unencrypted_key.pem

: https://console.cloud.google.com/appengine/settings/certificates?project=yoursite. Upload a new SSL certificate

PEM / . (fullchain.pem - . unencrypted_key.pem - .)

. !

.

Debugging:

GAE invalid:

  • , -!

  • PEM, unencrypted_key.pem privkey.pem

homebrew:

$ cd /usr/local/Library
$ sudo git pull origin master

augeas:

$ brew install augeas

if get Warning: augeas-1.4.0 ,

$ sudo brew link augeas

ExecutableNotFound:

$ brew install dialog

get Warning: dialog-1.2-20150920 ,

$ sudo brew link dialog

:

$ cd certbot
$ ./certbot-auto certonly --debug --force-renew -a manual -d www.yoursite.com -d yoursite.com

( " ...", .) pem:

$ cd /private/etc/letsencrypt/live/www.yoursite.com

( , GAE. , privkey.pem):

$ sudo openssl rsa -in privkey.pem -out unencrypted_key.pem

fullchain.pem - .
unencrypted_key.pem -

GAE , .

+1

Source: https://habr.com/ru/post/1655528/

More articles:


All Articles