I have been trying to add subdomains with SSL support to my Google App Engine project. Currently I am using a custom domain with SSL support. (let's just call it "mydomain.org"). I was able to successfully add subdomains in app engine by going to my google cloud console --> app engine --> settings --> custom domains --> add a custom domain. I then added " *.mydomain.org " as a new custom domain.
With this addition my list of custom domains now looks like: "mydomain.org", "www.mydomain.org", and " *.mydomain.org " Using HTTP, all of these routed correctly to my app. Next step I tried was to add SSL support to the new custom domain. I clicked on the SSL Certificates tab and clicked on my SSL cert I uploaded a while back. In the SSL menu it only listed "mydomain.org" and "www.mydomain.org" in the list I can enable SSL for custom domains. SSL works for those two subdomains, but not " *.mydomain.org ".
I have tried removing the "*.mydomain.org" custom domain and adding it several times to no avail. Also had no luck trying "app.mydomain.org" and "api.mydomain.org" too. Does anyone know what I'm missing?
Related
I used to have permissions to remove a custom domain on Google App Engine or upload a new SSL certificate.
However, one day the SSL certificate was expired and I could not upload a new SSL certificate and got the following warning message.
"You do not have sufficient permissions to view this page".
When I remove this custom domain and also got the following warning message.
"All domains mapped to this application are shown below. Only owners of a domain may remove one of its mappings."
I am the owner of managing the domain name group in Google Cloud DNS and project.
Any ideas to solve this issue.
I solved this problem.
I don’t know why this suddenly happened.
The solution was to remove the app engine and create it again and setup the custom domain.
App engine only allows someone who created this app engine and domain name can manage domain names or update ssl certificates.
Moreover, Google now has a new feature to provide auto-renewed ssl certificates for app engine.
I have a GAE app set up to use a custom domain, let's call it mycustomdomain. This naked domain is working fine over HTTP and HTTPS. I also have a service called api, it can be accessed successfully by going to http://api.mycustomdomain.com (custom domain convention).
However, I can't access the api service over HTTPS. I uploaded a SSL for mycustomdomain.com, but I got an error (site can't be reached) for trying to accessing the api service over HTTPS. My question is do I need to purchase the wildcard.mycustomdomain.com SSL in order to access the api service over HTTPS? I don't have much experience dealing with SSL certs and GAE custom domain, so any help would be greatly appreciated. Thank you!
Edit: updated information for GCP Console configurations.
My app setup in the Console contains the following:
Services: default, api
Custom domain setup: mycustomdomain.com
SSL uploaded: ultrahdlivewallpaper.com (NOT the wildcard version), api.ultrahdlivewallpaper.com (unable to be enabled for custom domain, none matching)
More detail: The problem is when I map both ultrahdlivewallpapers.com and api.ultrahdlivewallpapers.com, they are both mapped to the default service. I want api. to point to the API service. If I only map ultrahdlivewallpapers.com, that allows me to access api service at the api subdomain, but then the api SSL can't be applied to api. subdomain because it's not listed as a subdomain.
07/24/17 Update: I believe this is a limitation with the App Engine Settings after trying out several scenarios via GAE Console. We have a custom domain set up for ultrahdlivewallpapers.com and enabled the SSL cert for this domain. The domain is pointing to the default service. We have a second service set up called API. Google's routing rules for any service set up is via HTTP:// service-id.custom-domain, which in our case is api.ultrahdlivewallpapers.com. However, when I upload the SSL for the api subdomain, Console couldn't find matching domains because the api subdomain is not specified via the Console. Now if I set up api.ultrahdlivewallpapers.com as a custom domain, I'm able to enable the SSL for api subdomain. Problem then becomes api subdomain is now pointing to the default service instead of the api service. If I remove the api mapping, I'm able to browse to the api service again, but no HTTPS! I don't believe there is a way to get this set up correctly without a wildcard SSL enabled for all subdomains. Please let me know if I'm missing anything. I have tried everything I can think of via the Console. Thanks.
You don't necessarily need a "wildcard" cert, per se. But, you do need to get a cert that covers all the subdomains. For example:
mycustomdomain.com
www.mycustomdomain.com
api.mycustomdomain.com
It's a standard solution, and not difficult to do. Certbot (Let's Encrypt) makes it easy.
If you choose to get a wildcard certificate installation is pretty straight forward:
You upload the certificate in the developer console (in App Engine -> Settings -> SSL Certificates -> Upload a new certificate). May require a bit of effort, see also Google App Engine SSL with Let's Encrypt "could not be inserted".
Once it's visible in the certificate table you can click on its name and you'll end up in the certificate edit screen where you can select which custom (sub)domains it applies to (from the list of all custom domains mapped in the app), looks like this:
Note: these are the corresponding custom domain mappings:
If you have another app (under the same admin account) which is also mapped to subdomains of the same domain you can activate the certificate on it as well in a similar manner (the console automatically shows the certificate in the list when you switch apps, no need to upload it again).
Purchased a domain from Google domains and updated settings of my App engine application to add my domain as a Custom domain.
My App engine App link: http://fooapp.appspot.com. Verified that actual link works.
From console.cloud.google.com ->AppEngine->Settings->Custom Domains
verified custom domain ( foobar.com )
"Point your domain to fooapp" (Step-2)
Configure resources and Done
Even after 48hours (wait period for dns propogation), when I launch http://www.foobar.com or http://foobar.com or http://www.sub.foobar.com, I do not see my app engine site. It redirects to http://www.dnsrsearch.com.
nslookup foobar.com shows "Can't find foobar.com: No answer"
What am I missing?
Below is the summary of listings I see under Custom Domains tab in console.cloud.google.com
Was able to resolve it following steps in Google documentation
I had to add Custom resource records under my custom domain's DNS on http://domains.google.com
I'm maintaining a app that is hosted in GAE (appengine),
The app is set up to work with custom domain builder.go-arc.com
(I didn't do the set up - it was done before I got the project).
but when I go to my app in https://appengine.google.com/settings or in https://console.developers.google.com/project/go-arc-builder/appengine/settings/domains/add?authuser=1
I don't see the domain listed under Domain Setup and
Custom domains
My question is: how/where do I configure my domain?
The reason I need this is to configure SSL for the domain.
Unfortunately, custom domains and SSL are set up in different places (for now).
Custom domains ARE configured int the Developer console in the appengine/settings/domains section.
In order to set SSL you need to link you GAE application to a Google Apps Domain and then add the SSL in the Security > SSL for custom domains
Check: https://cloud.google.com/appengine/docs/ssl
I have one domain(abc.com). I added cname as login then url becomes as login.abc.com.
I want to add ssl for custom url. I went to admin console security->ssl for customs domain.
There i need to add "App Engine Application ID", I am trying to add app engine application id, but it is not working. It is redirecting to admin console of that domain.
Billing is already enabled.
I am not getting what is going wrong here.
can anyone guide me ? is any steps i missed out..?
In order to use SSL for custom domains, you need to follow these instructions:
https://developers.google.com/appengine/docs/ssl