README
¶
Let's Encrypt for App Engine
This App Engine module automatically keeps the SSL certificates on your App Engine app up-to-date using Let's Encrypt. Everything is done by your App Engine app - there's no need to touch a commandline, manually upload challenge reponses, or upload certificates to the Cloud Console.
Getting started
-
Check out the code.
go get github.com/hatstand/gacertsbot/appengine cd ${GOPATH:-~/go}/src/github.com/hatstand/gacertsbot/appengine -
Deploy the module to your cloud project.
gcloud app deployThis will create a new module called
ssl-certificatesin your App Engine app. -
Update your
dispatch.yamlto route requests to this module. Add the following two sections:dispatch: - url: "*/.well-known/acme-challenge/*" service: ssl-certificates - url: "*/ssl-certificates/*" service: ssl-certificatesAnd then deploy it with:
gcloud app deploy dispatch.yaml -
Enable the Google App Engine API in your cloud project if it's not enabled already. This allows the module to upload new SSL certificates.
https://console.developers.google.com/apis/api/appengine.googleapis.com/overview
-
Visit the status page. This will automatically register a new account with Let's Encrypt.
http://YOUR_DOMAIN/ssl-certificates/statusYou'll be prompted to add your App Engine service account as an authorized owner of your domain in Google's Webmaster Tools if it isn't already.
-
(Optional) Add an entry to your
cron.yamlto automatically renew certificates when they're 30 days away from expiry. Add the following section:cron: - description: "Renew SSL certificates" url: /ssl-certificates/auto-renew schedule: every monday 00:00 retry_parameters: job_retry_limit: 5 min_backoff_seconds: 60 max_backoff_seconds: 600And then deploy it with:
gcloud app deploy cron.yaml
Troubleshooting
If you are still getting 403 errors after enabling the App Engine Admin API, you may also need to grant the default service account the App Engine Admin IAM role.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetRecentCreateOperations ¶
func GetRecentCreateOperations(c context.Context) (map[string]*CreateOperation, error)
GetRecentCreateOperations returns the most recent create operations for each domain. It deliberately does not use a datastore index.
Types ¶
type CreateOperation ¶
type CreateOperation struct {
// Key is provided by Get* functions, but ignored otherwise.
Key *datastore.Key `datastore:"-"`
HostName string // The hostname we're creating a certificate for.
AuthorizationURI string // ACME Authorization ID.
ChallengeURI string // ACME Challenge ID.
Token string // Challenge token.
Response string // Challenge response.
Accepted time.Time // Time we accepted the challenge.
Responded time.Time // Time we responded to the challenge.
Issued time.Time // Time we were issued a certificate.
Uploaded time.Time // Time we upload the certificate to appengine.
Mapped time.Time // Time we made the certificate the default on the domain.
Error string
MappedCertificateID string
IsFinished bool
}
func GetAllCreateOperations ¶
func GetAllCreateOperations(c context.Context) ([]*CreateOperation, error)
func GetCreateOperation ¶
func GetCreateOperation(c context.Context, token string) (*CreateOperation, error)
func (*CreateOperation) IsOngoing ¶
func (cr *CreateOperation) IsOngoing() bool
type HandlerFunc ¶
HandlerFunc is an HTTP handler that takes a context and returns an error.
Source Files