I've setup a custom domain + SSL cert for a App Engine project about 2 months ago and even though the site is online and requests properly directed to this GAE app the Application Settings in the Console shows no custom domain and no SSL cert?!
It was there before, obviously... Any ideas?
I'll soon need to renew my certificate (is valid for 90 days) and would not want to go through the whole setup of a custom domain
It looks like the CNAME entry to verify ownership was removed (note to self, change provider) so Google could not do it periodic verification (message on the webmaster console...).
I would never though looking there for an issue affecting GAE!
Under some circumstances not all users can see the custom domains - try logging in as the user you set it up with.
Related
I've looked at previous questions enter link description here, but they use the GSuite Administrator to make changes, while my app uses GCloud. The domain registrar is separate since Google domains don't work in my country.
I mainly followed this guide to setting up my Zones and updating the name servers. I've configured the
https://cloud.google.com/dns/docs/update-name-servers
The question I linked to earlier recommended setting up a www. subdomain, but it used Authenticator. I'm not sure how to do this in a zone. I set up all the records properly in my domain registrar.
Here are the settings:
When I load the site itself (There's no actual HTTP response code):
And when I try the www. subdomain
I'm sure there's a step I'm missing, but this is my first site with GCloud. So I'm not very familiar with the process.
I think where is your missing step.
When you ask Google to use your domain, Google will expose HTTPS endpoint. HTTPS requires a certificate, and Google will generate it for you. However, before doing this, Google has to be sure that the domain belong to you.
You have to prove to google that you own your domain. For this, go to this page, log in and add a property (your website URL). Follow the instruction and be sure that your property has been validated.
Then, wait some minutes (hours?) the time that the certificates are generated and deployed.
I successfully configure custom domain for my application on Google App Engine. I can access my app by going to : http://www.myapp.com/.
However, on my custom domain dashboard, Google-Managed SSL is getting a lot of time to activate (I have a loading circular progress that is spinning for 2 hours now).
Before adding custom domain, it says that auto generated SSL can take several minutes to be activated. It has been two hours now. Is it a normal behavior ?
I removed the custom domain and retry the process from the beginning (validating, adding the custom domain) and certificates have been generated in 1 minute.
I have my domain with Google Domains. When adding a subdomain only add the 'sub' portion, e.g. sub.domain.com, only the 'sub' is added as a CNAME record. Same with 'www' for the main domain e.g. www.domain.com. I had previously added 'sub.domian.com' which gcloud App Engine DNS couldn't find.
After validating the domain to google DO NOT rush the SSL certificate adding process. Wait one hour or two after validation, then proceed to add the certificate.
I have a GAE app and a custom domain registered on enom.com. The app is a static website that's configured by app.yaml.
I'm trying to use LetsEncrypt certs for ssl, so I want to have valid certs for both www.example.com and example.com. I can get the cert for www.example.com working fine.
However the problem is in my naked domain. Whenever a http request goes to http://example.com/, it gets redirected to http://www.example.com/, ok. But, if a http request goes to e.g. http://example.com/a.html, the request is still redirected to http://www.example.com/. So when LE servers come looking for their well-known acme-challenge, it fails because they see index.html.
I guess this isn't a common behavior because no one is mentioning this, not at https://code.google.com/p/googleappengine/issues/detail?id=10802, nor at https://github.com/certbot/certbot/issues/1480.
I've tried to dig into why this is happening, one error I can see is here:
If I select to overwrite, GAE says it "failed to insert mapping"
This whole project was started by another person and he claims he's not aware of example.com being assigned anywhere else. I've looked at his Google Cloud Console and it would seem that he's correct.
Maybe something of interest is that in the Domain page of admin.google.com, naked domain redirect is set up. It redirects example.com to www.example.com. I've not found a way to disable it.
On my dns registrar, I have input the four A records, four AAAA records, and a www for CNAME.
TL;DR: My LetsEncrypt acme-challenge is failing for my naked domain, help!
I started getting the same error in app_engine after I went to Google Apps account and added example.com to redirect to wwww.example.com. After I did this, in app_engine I got "is already mapped" error. And there was no way to undo the redirect in Google Apps, so my guess was that Google Apps had mapped it and so App Engine could not modify it or add it. I had to explain this to Support team, and btw Google Apps support is free to call, so contact them and then get transferred to App Engine support team.
There is no way to fix it yourself, you have to get Google Support on call and explain clearly and they can reset. I was bounced between Google Cloud and Google Suites (Apps) support teams 7 times and after 2 weeks finally resolved, each one blaming the other, until I found a guy who understood this issue and fixed it for me.
How do I activate SSL for custom domains on Google Appengine?
The instructions I have read, at https://developers.google.com/appengine/docs/ssl or https://support.google.com/a/answer/2644334?hl=en , seem to refer to an old version of the admin console for Google Apps.
I looked at https://support.google.com/a/answer/2644334?hl=en , but on the current console, if I do Security > Advanced Settings > Set up SSO, there is no place where it asks for the AppEngine Application ID.
I looked at https://developers.google.com/appengine/docs/ssl . It directs me to go to the Admin Console of my App domain, and to find a Domain Settings tab and then go to the SSL subtab. There is no Domain Settings tab, however, and the "Domains" tab only allows me to add domains (without http / https mention).
So, how do I setup SSL for my appengine app that uses a custom domain?
Note: this question has been asked already on StackOverflow, some years ago, but the google dashboards have changed since then, and the information I could find is no longer relevant.
Ok, so that other people can avoid wasting as much time as I did.
When you go to the admin console for your domain, you need to click on Security, but NOT on Advanced settings. Rather, pay attention to the small "Show more" below the other options. If you click that, "SSL for Custom Domains" will magically appear.
No thanks to Google for this horrible user interface.
Hallelujah to Luca. I've wasted a day on this. I had already added the custom domain in the GAE app engine console and was getting the cryptic "We are unable to process your request at this time. Please try again later. (Error #1000)" message.
I wasn't able to assign the certificate to my custom domain. The custom domain wouldn't show in the list in the GAE Security Settings (custom domain) until after removing the custom domain from the GAE console.
AppEngine Introducing managed SSL for Google App Engine for customs domains and it will be got activated automatically, for already added domains please remove it and add once again
More Information-
https://cloudplatform.googleblog.com/2017/09/introducing-managed-SSL-for-Google-App-Engine.html
https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl
I followed the steps detailed here to use a custom domain with google app engine.
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine account
I've added the domain to my Google Apps account through my App Engine account
I see my App Engine app in my Google Apps account
I set the CNAME "test" to point to ghs.googlehosted.com
I added the web address under my Google Apps account and it says "Your users can access my-app-id at: test.mydomain.com
Now when I go to http://test.mydomain.com, it redirects to https://test.mydomain.com and I get an SSL connection error (Unable to make a secure connection to the server.)
I called Google Apps customer support because I have a paid business account, but the customer service guy said that this falls under App Engine support and he was not trained in this issue.
Help!
If you've done everything correctly, you should be able to access your site at http://test.mydomain.com. It sounds from the error you're getting that you're attempting to access it at https://test.mydomain.com (https as opposed to http).
If you want to access your app over SSL at your custom domain, you have more setup to do, as documented here: SSL for a Custom Domain. The steps necessary are many and subject to change; that link is the official source of current information on the matter.
Update: From your updated information, it sounds like you may have secure: always set in your app.yaml, or the Java-configuration equivalent of this setting. It would be helpful if you posted your configuration file.
Also note that it takes several minutes for Google to add a certificate on a domain you recently imported (it may require time for DNS configuration to spread). I personally didn't need to add any secure: configuration, it just worked after some time.